db_encryption_key.go
package cmd
import (
"fmt"
"path"
"github.com/spf13/cobra"
"github.com/onflow/flow-go/cmd/bootstrap/utils"
"github.com/onflow/flow-go/cmd/util/cmd/common"
model "github.com/onflow/flow-go/model/bootstrap"
)
// dbEncryptionKyCmd is the cobra command registered as "db-encryption-key".
// It generates an AES-256 key for encrypting the secrets database and writes
// it to the default path within the bootstrap directory. The work itself is
// done by dbEncryptionKeyRun.
var dbEncryptionKyCmd = &cobra.Command{
	Use:   "db-encryption-key",
	Short: "Generates encryption key for secrets database and writes it to the default path within the bootstrap directory",
	Run:   dbEncryptionKeyRun,
}
// init registers the db-encryption-key subcommand on the root command so it is
// reachable from the bootstrap utility's command line.
func init() {
	rootCmd.AddCommand(dbEncryptionKyCmd)
}
// dbEncryptionKeyRun generates the secrets database encryption key for this
// node and writes it under flagOutdir, unless a key file is already present.
//
// The command arguments are ignored. Every failure is reported through
// log.Fatal; nothing is returned to the caller. The key material itself is
// never passed to the logger, only its path.
func dbEncryptionKeyRun(_ *cobra.Command, _ []string) {
	// The node ID is read from the bootstrap dir, where `bootstrap key` wrote it.
	nodeID, err := readNodeID()
	if err != nil {
		log.Fatal().Err(err).Msg("could not read node id")
	}

	// Path of the key file relative to the output directory.
	keyRelPath := fmt.Sprintf(model.PathSecretsEncryptionKey, nodeID)
	// Note: this reassigns the package-level logger, so the "path" field stays
	// attached for anything logged after this function as well.
	log = log.With().Str("path", keyRelPath).Logger()

	// Never replace an existing key: data already encrypted under it would
	// presumably become unreadable with a fresh one.
	// NOTE(review): the existence check and the write below are separate
	// steps, so the no-overwrite guarantee holds only if nothing creates the
	// file in between. It also assumes common.WriteText resolves the same
	// location as path.Join(flagOutdir, keyRelPath) - confirm in WriteText.
	present, err := common.PathExists(path.Join(flagOutdir, keyRelPath))
	if err != nil {
		log.Fatal().Err(err).Msg("could not check if db encryption key already exists")
	}
	if present {
		log.Warn().Msg("DB encryption key already exists, exiting...")
		return
	}

	key, err := utils.GenerateSecretsDBEncryptionKey()
	if err != nil {
		log.Fatal().Err(err).Msg("could not generate db encryption key")
	}
	log.Info().Msg("generated db encryption key")

	// NOTE(review): the mode of the created file and its parent directories is
	// decided inside common.WriteText, which is not visible here. A key file
	// should be readable by its owner only - confirm the mode WriteText uses.
	if writeErr := common.WriteText(keyRelPath, flagOutdir, key); writeErr != nil {
		log.Fatal().Err(writeErr).Msg("failed to write file")
	}
	log.Info().Msgf("wrote file %s/%s", flagOutdir, keyRelPath)
}