in logstash-core/src/main/java/org/logstash/secret/cli/SecretStoreCli.java [207:329]
public void command(String primaryCommand, SecureConfig config, String... allArguments) {
terminal.writeLine("");
final Optional<CommandLine> commandParseResult;
try {
commandParseResult = Command.parse(primaryCommand, allArguments);
} catch (InvalidCommandException e) {
terminal.writeLine(String.format("ERROR: %s", e.getMessage()));
return;
}
if (commandParseResult.isEmpty()) {
printHelp();
return;
}
final CommandLine commandLine = commandParseResult.get();
switch (commandLine.getCommand()) {
case CREATE: {
if (commandLine.hasOption(CommandOptions.HELP)) {
terminal.writeLine("Creates a new keystore. For example: 'bin/logstash-keystore create'");
return;
}
if (secretStoreFactory.exists(config.clone())) {
terminal.write("An Logstash keystore already exists. Overwrite ? [y/N] ");
if (isYes(terminal.readLine())) {
create(config);
}
} else {
create(config);
}
break;
}
case LIST: {
if (commandLine.hasOption(CommandOptions.HELP)) {
terminal.writeLine("List all secret identifiers from the keystore. For example: " +
"`bin/logstash-keystore list`. Note - only the identifiers will be listed, not the secrets.");
return;
}
Collection<SecretIdentifier> ids = secretStoreFactory.load(config).list();
List<String> keys = ids.stream().filter(id -> !id.equals(LOGSTASH_MARKER)).map(id -> id.getKey()).collect(Collectors.toList());
Collections.sort(keys);
keys.forEach(terminal::writeLine);
break;
}
case ADD: {
if (commandLine.hasOption(CommandOptions.HELP)) {
terminal.writeLine("Add secrets to the keystore. For example: " +
"`bin/logstash-keystore add my-secret`, at the prompt enter your secret. You will use the identifier ${my-secret} in your Logstash configuration.");
return;
}
if (commandLine.getArguments().isEmpty()) {
terminal.writeLine("ERROR: You must supply an identifier to add. (e.g. bin/logstash-keystore add my-secret)");
return;
}
if (secretStoreFactory.exists(config.clone())) {
final SecretStore secretStore = secretStoreFactory.load(config);
for (String argument : commandLine.getArguments()) {
if (!ConfigVariableExpander.KEY_PATTERN.matcher(argument).matches()) {
throw new IllegalArgumentException(String.format("Invalid secret key name `%s` provided. %s", argument, ConfigVariableExpander.KEY_PATTERN_DESCRIPTION));
}
final SecretIdentifier id = new SecretIdentifier(argument);
final byte[] existingValue = secretStore.retrieveSecret(id);
if (existingValue != null) {
SecretStoreUtil.clearBytes(existingValue);
terminal.write(String.format("%s already exists. Overwrite ? [y/N] ", argument));
if (!isYes(terminal.readLine())) {
continue;
}
}
final String enterValueMessage = String.format("Enter value for %s: ", argument);
char[] secret = null;
while (secret == null) {
terminal.write(enterValueMessage);
final char[] readSecret = terminal.readSecret();
if (readSecret == null || readSecret.length == 0) {
terminal.writeLine("ERROR: Value cannot be empty");
continue;
}
if (!ASCII_ENCODER.canEncode(CharBuffer.wrap(readSecret))) {
terminal.writeLine("ERROR: Value must contain only ASCII characters");
continue;
}
secret = readSecret;
}
add(secretStore, id, SecretStoreUtil.asciiCharToBytes(secret));
}
} else {
terminal.writeLine("ERROR: Logstash keystore not found. Use 'create' command to create one.");
}
break;
}
case REMOVE: {
if (commandLine.hasOption(CommandOptions.HELP)) {
terminal.writeLine("Remove secrets from the keystore. For example: " +
"`bin/logstash-keystore remove my-secret`");
return;
}
if (commandLine.getArguments().isEmpty()) {
terminal.writeLine("ERROR: You must supply a value to remove. (e.g. bin/logstash-keystore remove my-secret)");
return;
}
final SecretStore secretStore = secretStoreFactory.load(config);
for (String argument : commandLine.getArguments()) {
SecretIdentifier id = new SecretIdentifier(argument);
if (secretStore.containsSecret(id)) {
secretStore.purgeSecret(id);
terminal.writeLine(String.format("Removed '%s' from the Logstash keystore.", id.getKey()));
} else {
terminal.writeLine(String.format("ERROR: '%s' does not exist in the Logstash keystore.", argument));
}
}
break;
}
}
}