Commit f255f00

Add file encryption/decryption and release workflow (#14)
1 parent 21c1b6d commit f255f00

7 files changed

+435
-18
lines changed

.github/signing-key.asc.iron

990 Bytes
Binary file not shown.

.github/workflows/ci.yaml

Lines changed: 22 additions & 8 deletions
@@ -1,25 +1,30 @@
11
name: ironoxide-cli
22

3-
on:
4-
push:
5-
branches:
6-
- master
7-
pull_request:
3+
on: push
84

95
jobs:
10-
check:
11-
name: Check
6+
test:
127
runs-on: ubuntu-18.04
138
steps:
149
- uses: actions/checkout@v2
10+
# Work around https://github.com/actions/cache/issues/133#issuecomment-599102035
11+
- run: sudo chown -R $(whoami):$(id -ng) ~/.cargo/
12+
name: Fix perms on .cargo so we can restore the cache.
13+
- name: Restore rust cache
14+
uses: actions/cache@v1
15+
with:
16+
key: ${{ github.workflow }}-rust-${{ hashFiles('Cargo.lock') }}
17+
restore-keys: |
18+
${{ github.workflow }}-rust-
19+
path: ~/.cargo
1520
- uses: actions-rs/toolchain@v1
1621
with:
1722
profile: minimal
1823
toolchain: stable
1924
override: true
2025
- uses: actions-rs/cargo@v1
2126
with:
22-
command: check
27+
command: test
2328
fmt:
2429
name: Rustfmt
2530
runs-on: ubuntu-18.04
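Review bot: Replacing the `push`/`pull_request` trigger block with `on: push` at the top of this hunk means pull requests opened from forks no longer run `test` or `fmt` in this repository, because a push to a fork does not fire this repository's workflows. If outside contributions are expected, keep a `pull_request` trigger alongside `push` so the checks still gate those changes before merge.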
@@ -35,3 +40,12 @@ jobs:
3540
with:
3641
command: fmt
3742
args: --all -- --check
43+
44+
security:
45+
runs-on: ubuntu-18.04
46+
steps:
47+
- uses: actions/checkout@v2
48+
- name: Rust security audit
49+
uses: actions-rs/audit-check@v1
50+
with:
51+
token: ${{ secrets.GITHUB_TOKEN }}
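Review bot: The new `security` job runs only when the workflow fires, and the workflow's trigger is `on: push`, so an advisory published against a dependency already in `Cargo.lock` is not reported until someone pushes again. Adding a `schedule` trigger for the audit would catch advisories that appear between pushes. The job also has no `name:` where the neighbouring `fmt` job has `name: Rustfmt`.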

.github/workflows/release.yaml

Lines changed: 106 additions & 0 deletions
@@ -0,0 +1,106 @@
1+
name: release
2+
3+
on:
4+
push:
5+
tags:
6+
- '*'
7+
8+
jobs:
9+
release:
10+
runs-on: ubuntu-18.04
11+
needs: build
12+
steps:
13+
- uses: actions/checkout@v2
14+
- name: Decrypt PGP key
15+
uses: IronCoreLabs/ironhide-actions/decrypt@v1
16+
with:
17+
keys: ${{ secrets.IRONHIDE_KEYS }}
18+
input: .github/signing-key.asc.iron
19+
- name: Import PGP key
20+
run: gpg --batch --import .github/signing-key.asc
21+
- uses: actions/create-release@v1
22+
id: release
23+
env:
24+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
25+
with:
26+
tag_name: ${{ github.ref }}
27+
release_name: Version ${{ github.ref }}
28+
29+
- name: Download release artifacts from ubuntu-18.04
30+
uses: actions/download-artifact@v1
31+
with:
32+
name: release-ubuntu-18.04
33+
path: release/ubuntu-18.04
34+
- name: Sign artifact for ubuntu-18.04
35+
run: |
36+
gpg --batch --detach-sign -a release/ubuntu-18.04/ironoxide-cli-ubuntu-18.04
37+
gpg --batch --verify release/ubuntu-18.04/ironoxide-cli-ubuntu-18.04.asc release/ubuntu-18.04/ironoxide-cli-ubuntu-18.04
38+
- name: Upload artifact for ubuntu-18.04
39+
uses: actions/upload-release-asset@v1
40+
env:
41+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
42+
with:
43+
upload_url: ${{ steps.release.outputs.upload_url }}
44+
asset_path: release/ubuntu-18.04/ironoxide-cli-ubuntu-18.04
45+
asset_name: ironoxide-cli-ubuntu-18.04
46+
asset_content_type: application/data
47+
- name: Upload signature for ubuntu-18.04
48+
uses: actions/upload-release-asset@v1
49+
env:
50+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
51+
with:
52+
upload_url: ${{ steps.release.outputs.upload_url }}
53+
asset_path: release/ubuntu-18.04/ironoxide-cli-ubuntu-18.04.asc
54+
asset_name: ironoxide-cli-ubuntu-18.04.asc
55+
asset_content_type: application/pgp-signature
56+
57+
- name: Download release artifacts from macos-10.15
58+
uses: actions/download-artifact@v1
59+
with:
60+
name: release-macos-10.15
61+
path: release/macos-10.15
62+
- name: Sign artifact for macos-10.15
63+
run: |
64+
gpg --batch --detach-sign -a release/macos-10.15/ironoxide-cli-macos-10.15
65+
gpg --batch --verify release/macos-10.15/ironoxide-cli-macos-10.15.asc release/macos-10.15/ironoxide-cli-macos-10.15
66+
- name: Upload artifact for macos-10.15
67+
uses: actions/upload-release-asset@v1
68+
env:
69+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
70+
with:
71+
upload_url: ${{ steps.release.outputs.upload_url }}
72+
asset_path: release/macos-10.15/ironoxide-cli-macos-10.15
73+
asset_name: ironoxide-cli-macos-10.15
74+
asset_content_type: application/data
75+
- name: Upload signature for macos-10.15
76+
uses: actions/upload-release-asset@v1
77+
env:
78+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
79+
with:
80+
upload_url: ${{ steps.release.outputs.upload_url }}
81+
asset_path: release/macos-10.15/ironoxide-cli-macos-10.15.asc
82+
asset_name: ironoxide-cli-macos-10.15.asc
83+
asset_content_type: application/pgp-signature
84+
85+
build:
86+
strategy:
87+
matrix:
88+
os: [ ubuntu-18.04, macos-10.15 ]
89+
runs-on: ${{ matrix.os }}
90+
steps:
91+
- uses: actions/checkout@v2
92+
- uses: actions-rs/toolchain@v1
93+
with:
94+
toolchain: stable
95+
- uses: actions-rs/cargo@v1
96+
with:
97+
command: build
98+
args: --release
99+
- name: Package release artifacts
100+
working-directory: target/release
101+
run: mv ironoxide-cli ironoxide-cli-${{ matrix.os }}
102+
- name: Upload artifacts
103+
uses: actions/upload-artifact@v1
104+
with:
105+
name: release-${{ matrix.os }}
106+
path: target/release/ironoxide-cli-${{ matrix.os }}
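Review bot: After `Decrypt PGP key` and `Import PGP key`, the plaintext signing key stays at `.github/signing-key.asc` in the workspace, and in the default keyring, for the rest of the `release` job, where every later step can read it. Delete the file immediately after `gpg --batch --import`, and pin the actions used in this job to full commit SHAs rather than `@v1`, starting with `IronCoreLabs/ironhide-actions/decrypt@v1`, which receives `secrets.IRONHIDE_KEYS`. The `tags: - '*'` filter also means any pushed tag produces a signed release, so a version pattern would narrow that. In the `build` job, adding `--locked` to `args: --release` would make the release build fail rather than drift from the committed `Cargo.lock`.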

Cargo.lock

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default.

Cargo.toml

Lines changed: 1 addition & 0 deletions
@@ -12,6 +12,7 @@ serde_json = "~1.0"
1212
structopt = "~0.3"
1313
tokio = {version = "~0.2.11", features = ["macros"]}
1414
futures = "~0.3"
15+
itertools = "~0.9"
1516

1617
[profile.dev.package."*"]
1718
opt-level = 3

README.md

Lines changed: 28 additions & 1 deletion
@@ -43,7 +43,7 @@ cargo install --git https://github.com/IronCoreLabs/ironoxide-cli
4343

4444
IronOxide CLI is used by running `ironoxide-cli`, followed by your desired subcommands and options.
4545
You can see all the available subcommands by running `ironoxide-cli -h`.
46-
Subcommands are currently broken into two categories: user commands and group commands.
46+
Subcommands are currently broken into three categories: user commands, group commands, and file commands.
4747

4848
### User Commands
4949

@@ -82,6 +82,18 @@ The `group-remove-members` subcommand is used to remove members from a group.
8282

8383
The `group-list` subcommand is used to list all groups that the user is a member or administrator of.
8484

85+
### File Commands
86+
87+
#### file-encrypt
88+
89+
The `file-encrypt` subcommand is used to encrypt a file to the provided users and groups. The calling user
90+
will also be granted access to the file. By default, the encrypted file will be output with the `.iron` extension appended.
91+
92+
#### file-decrypt
93+
94+
The `file-decrypt` subcommand is used to decrypt a file that the calling user has been granted access to. By default, the
95+
decrypted file will be output with the `.iron` extension removed.
96+
8597
## Examples
8698

8799
```console
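Review bot: Both new sections, `file-encrypt` and `file-decrypt`, describe the output name "By default" without naming the option that overrides it, and `file-encrypt` does not say whether the plaintext input is left in place once the `.iron` file is written. Document the output option and state explicitly whether the original file is kept, since users encrypting secrets will otherwise assume one or the other.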
@@ -110,6 +122,21 @@ Failures: []
110122
$ ironoxide-cli group-list ironemployee.json
111123
Found DeviceContext in "ironemployee.json"
112124
Groups found: ["employees"]
125+
126+
$ ironoxide-cli file-encrypt keys.json --groups employees --device ironadmin.json
127+
Read in file "keys.json"
128+
Found DeviceContext in "ironadmin.json"
129+
Successfully encrypted file to: [
130+
"User: ironadmin",
131+
"Group: employees",
132+
]
133+
Failed to encrypt file to: []
134+
Output encrypted file to "keys.json.iron"
135+
136+
$ ironoxide-cli file-decrypt keys.json.iron --device ironadmin.json
137+
Read in file "keys.json.iron"
138+
Found DeviceContext in "ironadmin.json"
139+
Output decrypted file to "keys.json"
113140
```
114141

115142
# License
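Review bot: In the added example, `file-decrypt keys.json.iron` reports `Output decrypted file to "keys.json"`, which is the same path the preceding `file-encrypt` command read as plaintext, so the example does not show whether an existing file is overwritten. Either decrypt to a different path in the example or remove `keys.json` between the two commands, and say in the `file-decrypt` section how an existing output file is handled.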
