MCPcopy Index your code
hub / github.com/coder/coder / dbcryptDecryptCmd

Method dbcryptDecryptCmd

enterprise/cli/server_dbcrypt.go:120–183  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

118}
119
120func (*RootCmd) dbcryptDecryptCmd() *serpent.Command {
121 var flags decryptFlags
122 cmd := &serpent.Command{
123 Use: "decrypt",
124 Short: "Decrypt a previously encrypted database.",
125 Handler: func(inv *serpent.Invocation) error {
126 ctx, cancel := context.WithCancel(inv.Context())
127 defer cancel()
128 logger := slog.Make(sloghuman.Sink(inv.Stdout))
129 if ok, _ := inv.ParsedFlags().GetBool("verbose"); ok {
130 logger = logger.Leveled(slog.LevelDebug)
131 }
132
133 if err := flags.valid(); err != nil {
134 return err
135 }
136
137 ks := make([][]byte, 0, len(flags.Keys))
138 for _, k := range flags.Keys {
139 dk, err := base64.StdEncoding.DecodeString(k)
140 if err != nil {
141 return xerrors.Errorf("decode key: %w", err)
142 }
143 ks = append(ks, dk)
144 }
145
146 ciphers, err := dbcrypt.NewCiphers(ks...)
147 if err != nil {
148 return xerrors.Errorf("create ciphers: %w", err)
149 }
150
151 if _, err := cliui.Prompt(inv, cliui.PromptOptions{
152 Text: "This will decrypt all encrypted data in the database. Are you sure you want to continue?",
153 IsConfirm: true,
154 }); err != nil {
155 return err
156 }
157
158 sqlDriver := "postgres"
159 if codersdk.PostgresAuth(flags.PostgresAuth) == codersdk.PostgresAuthAWSIAMRDS {
160 sqlDriver, err = awsiamrds.Register(inv.Context(), sqlDriver)
161 if err != nil {
162 return xerrors.Errorf("register aws rds iam auth: %w", err)
163 }
164 }
165
166 sqlDB, err := cli.ConnectToPostgres(inv.Context(), logger, sqlDriver, flags.PostgresURL, nil)
167 if err != nil {
168 return xerrors.Errorf("connect to postgres: %w", err)
169 }
170 defer func() {
171 _ = sqlDB.Close()
172 }()
173 logger.Info(ctx, "connected to postgres")
174 if err := dbcrypt.Decrypt(ctx, logger, sqlDB, ciphers); err != nil {
175 return xerrors.Errorf("rotate ciphers: %w", err)
176 }
177 logger.Info(ctx, "operation completed successfully")

Callers 1

dbcryptCmdMethod · 0.95

Calls 13

validMethod · 0.95
attachMethod · 0.95
NewCiphersFunction · 0.92
PromptFunction · 0.92
PostgresAuthTypeAlias · 0.92
RegisterFunction · 0.92
ConnectToPostgresFunction · 0.92
DecryptFunction · 0.92
DecodeStringMethod · 0.80
ContextMethod · 0.65
CloseMethod · 0.65
ErrorfMethod · 0.45

Tested by

no test coverage detected