func main()

in tink-envelope-encryption-sample/encrypted_keyset_cli.go [42:70]

• 25 lines of code
• 7 McCabe index (conditional complexity)

func main() {
	flag.Parse()

	// load master key
	ctx := context.Background()
	gcpClient, err := gcpkms.NewClientWithOptions(ctx, *kekURI, option.WithCredentialsFile(*gcpCredential))
	if err != nil {
		log.Fatal(err)
	}
	registry.RegisterKMSClient(gcpClient)

	masterKey, err := gcpClient.GetAEAD(*kekURI)
	if err != nil {
		log.Fatal(err)
	}

	switch *mode {
	case "generate":
		if err := generateKeyset(*outputPath, masterKey); err != nil {
			log.Fatalf("Error generating keyset: %v", err)
		}
	case "encrypt", "decrypt":
		if err := processFile(*mode, *outputPath, *inputPath, *keysetPath, *associatedData, masterKey); err != nil {
			log.Fatalf("Error: %v", err)
		}
	default:
		log.Fatalf("Unsupported mode %s. Please choose 'generate', 'encrypt', or 'decrypt'", *mode)
	}
}