()
| 118 | } |
| 119 | |
| 120 | func (*RootCmd) dbcryptDecryptCmd() *serpent.Command { |
| 121 | var flags decryptFlags |
| 122 | cmd := &serpent.Command{ |
| 123 | Use: "decrypt", |
| 124 | Short: "Decrypt a previously encrypted database.", |
| 125 | Handler: func(inv *serpent.Invocation) error { |
| 126 | ctx, cancel := context.WithCancel(inv.Context()) |
| 127 | defer cancel() |
| 128 | logger := slog.Make(sloghuman.Sink(inv.Stdout)) |
| 129 | if ok, _ := inv.ParsedFlags().GetBool("verbose"); ok { |
| 130 | logger = logger.Leveled(slog.LevelDebug) |
| 131 | } |
| 132 | |
| 133 | if err := flags.valid(); err != nil { |
| 134 | return err |
| 135 | } |
| 136 | |
| 137 | ks := make([][]byte, 0, len(flags.Keys)) |
| 138 | for _, k := range flags.Keys { |
| 139 | dk, err := base64.StdEncoding.DecodeString(k) |
| 140 | if err != nil { |
| 141 | return xerrors.Errorf("decode key: %w", err) |
| 142 | } |
| 143 | ks = append(ks, dk) |
| 144 | } |
| 145 | |
| 146 | ciphers, err := dbcrypt.NewCiphers(ks...) |
| 147 | if err != nil { |
| 148 | return xerrors.Errorf("create ciphers: %w", err) |
| 149 | } |
| 150 | |
| 151 | if _, err := cliui.Prompt(inv, cliui.PromptOptions{ |
| 152 | Text: "This will decrypt all encrypted data in the database. Are you sure you want to continue?", |
| 153 | IsConfirm: true, |
| 154 | }); err != nil { |
| 155 | return err |
| 156 | } |
| 157 | |
| 158 | sqlDriver := "postgres" |
| 159 | if codersdk.PostgresAuth(flags.PostgresAuth) == codersdk.PostgresAuthAWSIAMRDS { |
| 160 | sqlDriver, err = awsiamrds.Register(inv.Context(), sqlDriver) |
| 161 | if err != nil { |
| 162 | return xerrors.Errorf("register aws rds iam auth: %w", err) |
| 163 | } |
| 164 | } |
| 165 | |
| 166 | sqlDB, err := cli.ConnectToPostgres(inv.Context(), logger, sqlDriver, flags.PostgresURL, nil) |
| 167 | if err != nil { |
| 168 | return xerrors.Errorf("connect to postgres: %w", err) |
| 169 | } |
| 170 | defer func() { |
| 171 | _ = sqlDB.Close() |
| 172 | }() |
| 173 | logger.Info(ctx, "connected to postgres") |
| 174 | if err := dbcrypt.Decrypt(ctx, logger, sqlDB, ciphers); err != nil { |
| 175 | return xerrors.Errorf("rotate ciphers: %w", err) |
| 176 | } |
| 177 | logger.Info(ctx, "operation completed successfully") |
no test coverage detected