feat: add master keys back

2026-02-13 12:50:05 +01:00 · 2025-09-01 13:45:09 +01:00
parent 95bd9615d1
commit 3f22521f49
8 changed files with 581 additions and 0 deletions
--- a/cmd/cli/keys.go
+++ b/cmd/cli/keys.go
@@ -0,0 +1,85 @@
+package cli
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"io"
+
+	"github.com/glueops/autoglue/internal/db"
+	"github.com/glueops/autoglue/internal/db/models"
+	"github.com/spf13/cobra"
+)
+
+var rotateMasterCmd = &cobra.Command{
+	Use:   "rotate-master",
+	Short: "Generate and activate a new master encryption key",
+	Args:  cobra.NoArgs,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		key := make([]byte, 32)
+		if _, err := io.ReadFull(rand.Reader, key); err != nil {
+			return fmt.Errorf("generating random key: %w", err)
+		}
+
+		encoded := base64.StdEncoding.EncodeToString(key)
+
+		if err := db.DB.Model(&models.MasterKey{}).
+			Where("is_active = ?", true).
+			Update("is_active", false).Error; err != nil {
+			return fmt.Errorf("deactivating previous key: %w", err)
+		}
+
+		if err := db.DB.Create(&models.MasterKey{
+			Key:      encoded,
+			IsActive: true,
+		}).Error; err != nil {
+			return fmt.Errorf("creating new master key: %w", err)
+		}
+
+		fmt.Println("Master key rotated successfully")
+		return nil
+	},
+}
+
+var createMasterCmd = &cobra.Command{
+	Use:   "create-master",
+	Short: "Generate and activate a new master encryption key",
+	Args:  cobra.NoArgs,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		key := make([]byte, 32)
+		if _, err := io.ReadFull(rand.Reader, key); err != nil {
+			return fmt.Errorf("generating random key: %w", err)
+		}
+
+		encoded := base64.StdEncoding.EncodeToString(key)
+
+		if err := db.DB.Create(&models.MasterKey{
+			Key:      encoded,
+			IsActive: true,
+		}).Error; err != nil {
+			return fmt.Errorf("creating master key: %w", err)
+		}
+
+		fmt.Println("Master key created successfully")
+		return nil
+	},
+}
+
+var keysCmd = &cobra.Command{
+	Use:   "keys",
+	Short: "Manage autoglue encryption keys",
+	Long:  "Manage autoglue master encryption keys used for securing data.",
+	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+		if db.DB != nil {
+			return nil
+		}
+		db.Connect()
+		return nil
+	},
+}
+
+func init() {
+	keysCmd.AddCommand(rotateMasterCmd)
+	keysCmd.AddCommand(createMasterCmd)
+	rootCmd.AddCommand(keysCmd)
+}