jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2026-04-04 21:00:39 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
temp-cli-refactor
opentf/website/docs/language/state/examples/encryption/keyprovider-external-provider.go

85 lines
2.1 KiB
Go
Raw Permalink Blame History

package main
import (
"encoding/json"
"io"
"log"
"os"
)
// Header is the initial greeting the key provider sends out.
type Header struct {
// Magic must always be OpenTofu-External-Keyprovider
Magic string `json:"magic"`
// Version must be 1.
Version int `json:"version"`
}
// Metadata describes both the input and the output metadata.
type Metadata struct {
ExternalData map[string]any `json:"external_data"`
}
// Input describes the input data structure. This is nil on input if no existing
// data needs to be decrypted.
type Input *Metadata
type Keys struct {
// EncryptionKey must always be provided.
EncryptionKey []byte `json:"encryption_key,omitempty"`
// DecryptionKey must be provided when the input metadata is present.
DecryptionKey []byte `json:"decryption_key,omitempty"`
}
// Output describes the output data written to stdout.
type Output struct {
Keys Keys `json:"keys"`
// Meta contains the metadata to store alongside the encrypted data. You can
// store data here you need to reconstruct the decryption key later.
Meta Metadata `json:"meta"`
}
func main() {
// Write logs to stderr
log.Default().SetOutput(os.Stderr)
// Write the header:
header := Header{
"OpenTofu-External-Key-Provider",
1,
}
marshalledHeader, err := json.Marshal(header)
if err != nil {
log.Fatalf("%v", err)
}
_, _ = os.Stdout.Write(append(marshalledHeader, []byte("\n")...))
// Read the input
input, err := io.ReadAll(os.Stdin)
if err != nil {
log.Fatalf("Failed to read stdin: %v", err)
}
var inMeta Input
if err := json.Unmarshal(input, &inMeta); err != nil {
log.Fatalf("Failed to parse stdin: %v", err)
}
var keys Keys
keys.EncryptionKey = []byte("AQIDBAUGBwgJCgsMDQ4PEA==") // TODO produce the encryption key
if inMeta != nil {
keys.DecryptionKey = []byte("AQIDBAUGBwgJCgsMDQ4PEA==") // TODO produce the decryption key
}
output := Output{
Keys: keys,
Meta: Metadata{
// TODO: customize your metadata
},
}
outputData, err := json.Marshal(output)
if err != nil {
log.Fatalf("Failed to encode output: %v", err)
}
_, _ = os.Stdout.Write(outputData)
}
Reference in New Issue View Git Blame Copy Permalink