TheArchive/restic
1
0
Fork 0
mirror of https://github.com/restic/restic.git synced 2025-08-12 15:07:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow specifying user and host when adding keys

Browse Source 
The username and hostname for new keys can be specified with the new
--user and --host flags, respectively. The flags are used only by the
`key add` command and are otherwise ignored.

This allows adding keys with for a desired user and host without having
to run restic as that particular user on that particular host, making
automated key management easier.

Co-authored-by: James TD Smith <ahktenzero@mohorovi.cc>
This commit is contained in:
Peter Schultz
2019-06-26 09:37:08 +02:00
parent 2b5a6d255a
commit 90fc639a67
4 changed files with 60 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
internal/repository/key.go
View File

@@ -58,7 +58,7 @@ var (
// createMasterKey creates a new master key in the given backend and encrypts
// it with the password.
func createMasterKey(s *Repository, password string) (*Key, error) {
return AddKey(context.TODO(), s, password, nil)
return AddKey(context.TODO(), s, password, "", "", nil)
}
// OpenKey tries do decrypt the key specified by name with the given password.
@@ -199,7 +199,7 @@ func LoadKey(ctx context.Context, s *Repository, name string) (k *Key, err error
}
// AddKey adds a new key to an already existing repository.
func AddKey(ctx context.Context, s *Repository, password string, template *crypto.Key) (*Key, error) {
func AddKey(ctx context.Context, s *Repository, password, username, hostname string, template *crypto.Key) (*Key, error) {
// make sure we have valid KDF parameters
if Params == nil {
p, err := crypto.Calibrate(KDFTimeout, KDFMemory)
@@ -213,24 +213,29 @@ func AddKey(ctx context.Context, s *Repository, password string, template *crypt
// fill meta data about key
newkey := &Key{
Created: time.Now(),
KDF: "scrypt",
N: Params.N,
R: Params.R,
P: Params.P,
Created: time.Now(),
Username: username,
Hostname: hostname,
KDF: "scrypt",
N: Params.N,
R: Params.R,
P: Params.P,
}
hn, err := os.Hostname()
if err == nil {
newkey.Hostname = hn
if newkey.Hostname == "" {
newkey.Hostname, _ = os.Hostname()
}
usr, err := user.Current()
if err == nil {
newkey.Username = usr.Username
if newkey.Username == "" {
usr, err := user.Current()
if err == nil {
newkey.Username = usr.Username
}
}
// generate random salt
var err error
newkey.Salt, err = crypto.NewSalt()
if err != nil {
panic("unable to read enough random bytes for salt: " + err.Error())