class Sanctum::Command::Create

Public Instance Methods

run(&block)
# File lib/sanctum/command/create.rb, line 11
# Entry point for the create command.
#
# Requires exactly one path argument; anything else raises ArgumentError.
# The path is validated, a transit key is looked up for it from +targets+,
# and the file is created with that key. An optional block is forwarded to
# create_file.
#
# @raise [ArgumentError] unless +args.one?+ is true
def run(&block)
  # Guard first: refuse to continue unless there is a single path argument.
  raise ArgumentError, red('Please pass only one path argument') unless args.one?

  target_path = args.first
  validate_path(target_path)
  key_for_path = determine_transit_key(target_path, targets)
  create_file(target_path, key_for_path, &block)
end

Private Instance Methods

create_file(path, transit_key) { |tmp_file| ... }
# File lib/sanctum/command/create.rb, line 23
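# Create a new encrypted file at +path+.
#
# A temp file named after the basename of +path+ is populated either by the
# caller's block or, when no block is given, by the interactive editor. Its
# contents are validated, handed to write_encrypted_data keyed by the temp
# file's path, and the temp file is then copied to +path+. The temp file is
# erased and unlinked on every exit path.
#
# @param path [String] destination of the new file
# @param transit_key key identifier passed through to write_encrypted_data
# @yield [tmp_file] the open Tempfile to fill in instead of launching an editor
def create_file(path, transit_key)
  # Calling vault_client will help prevent a race condition where the token is expired
  # and contents fail to encrypt
  vault_client
  tmp_file = Tempfile.new(File.basename(path))

  begin
    if block_given?
      yield tmp_file
    else
      TTY::Editor.open(tmp_file.path)
    end

    contents = File.read(tmp_file.path)
    # presumably write_encrypted_data replaces the file at each hash key with
    # ciphertext (the temp file is what gets copied below) -- confirm.
    data_hash = { tmp_file.path => validate(contents) }
    write_encrypted_data(vault_client, data_hash, transit_key)
    tmp_file.close

    FileUtils.cp(tmp_file.path, path)
  rescue StandardError => e
    # Only StandardError is handled here. Rescuing Exception also swallowed
    # Interrupt and SystemExit, so a Ctrl-C or exit request was reported as an
    # ordinary write failure and the command carried on; those now propagate
    # after the ensure block has cleaned up.
    #
    # If write_encrypted_data failed, data would fail to write to disk
    # It would be sad to lose that data, at least this would print the contents to the console.
    #
    # NOTE(review): this echoes the unencrypted contents to stdout, where
    # terminal scrollback, session recording or CI log capture can retain
    # them. Kept as the author's deliberate best-effort recovery path.
    puts red("Contents may have failed to write\nError: #{e}")
    puts yellow("Contents: \n#{contents}")
  ensure
    tmp_file.close
    begin
      secure_erase(tmp_file.path, tmp_file.length)
    ensure
      # Unlink even if the erase step raises, so the temp file (which may
      # still hold unencrypted contents) is never left behind on disk.
      tmp_file.unlink
    end
  end
end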
validate_path(path)
# File lib/sanctum/command/create.rb, line 54
# Refuse to proceed when +path+ already exists, and make sure its parent
# directory is present.
#
# Note that Pathname#exist? follows symlinks, so a dangling symlink at
# +path+ is reported as not existing.
#
# @param path [String] destination the create command will write to
# @raise [RuntimeError] when something already exists at +path+
def validate_path(path)
  target = Pathname.new(path)
  raise yellow("File exists, use edit command") if target.exist?

  # Create any missing parent directories for the new file.
  parent_dir = target.dirname
  parent_dir.mkpath unless parent_dir.exist?
end