(c *cli.Context, fileName string, inputStore common.Store, optionalConfig *config.Config)
| 2110 | } |
| 2111 | |
| 2112 | func getEncryptConfig(c *cli.Context, fileName string, inputStore common.Store, optionalConfig *config.Config) (encryptConfig, error) { |
| 2113 | unencryptedSuffix := c.String("unencrypted-suffix") |
| 2114 | encryptedSuffix := c.String("encrypted-suffix") |
| 2115 | encryptedRegex := c.String("encrypted-regex") |
| 2116 | unencryptedRegex := c.String("unencrypted-regex") |
| 2117 | encryptedCommentRegex := c.String("encrypted-comment-regex") |
| 2118 | unencryptedCommentRegex := c.String("unencrypted-comment-regex") |
| 2119 | macOnlyEncrypted := c.GlobalBool("mac-only-encrypted") |
| 2120 | var err error |
| 2121 | if optionalConfig == nil { |
| 2122 | optionalConfig, err = loadConfig(c, fileName, nil) |
| 2123 | if err != nil { |
| 2124 | return encryptConfig{}, toExitError(err) |
| 2125 | } |
| 2126 | } |
| 2127 | if optionalConfig != nil { |
| 2128 | // command line options have precedence |
| 2129 | if unencryptedSuffix == "" { |
| 2130 | unencryptedSuffix = optionalConfig.UnencryptedSuffix |
| 2131 | } |
| 2132 | if encryptedSuffix == "" { |
| 2133 | encryptedSuffix = optionalConfig.EncryptedSuffix |
| 2134 | } |
| 2135 | if encryptedRegex == "" { |
| 2136 | encryptedRegex = optionalConfig.EncryptedRegex |
| 2137 | } |
| 2138 | if unencryptedRegex == "" { |
| 2139 | unencryptedRegex = optionalConfig.UnencryptedRegex |
| 2140 | } |
| 2141 | if encryptedCommentRegex == "" { |
| 2142 | encryptedCommentRegex = optionalConfig.EncryptedCommentRegex |
| 2143 | } |
| 2144 | if unencryptedCommentRegex == "" { |
| 2145 | unencryptedCommentRegex = optionalConfig.UnencryptedCommentRegex |
| 2146 | } |
| 2147 | if !macOnlyEncrypted { |
| 2148 | macOnlyEncrypted = optionalConfig.MACOnlyEncrypted |
| 2149 | } |
| 2150 | } |
| 2151 | |
| 2152 | isSingleValueStore := false |
| 2153 | if svs, ok := inputStore.(sops.SingleValueStore); ok { |
| 2154 | isSingleValueStore = svs.IsSingleValueStore() |
| 2155 | } |
| 2156 | |
| 2157 | if isSingleValueStore { |
| 2158 | // Warn about settings that potentially disable encryption of the single key. |
| 2159 | if unencryptedSuffix != "" { |
| 2160 | log.Warn(fmt.Sprintf("Using an unencrypted suffix does not make sense with the input store (the %s store produces one key that should always be encrypted) and will be ignored.", inputStore.Name())) |
| 2161 | } |
| 2162 | if encryptedSuffix != "" { |
| 2163 | log.Warn(fmt.Sprintf("Using an encrypted suffix does not make sense with the input store (the %s store produces one key that should always be encrypted) and will be ignored.", inputStore.Name())) |
| 2164 | } |
| 2165 | if encryptedRegex != "" { |
| 2166 | log.Warn(fmt.Sprintf("Using an encrypted regex does not make sense with the input store (the %s store produces one key that should always be encrypted) and will be ignored.", inputStore.Name())) |
| 2167 | } |
| 2168 | if unencryptedRegex != "" { |
| 2169 | log.Warn(fmt.Sprintf("Using an unencrypted regex does not make sense with the input store (the %s store produces one key that should always be encrypted) and will be ignored.", inputStore.Name())) |
no test coverage detected