Separate cli into its own module; rename it to sp

sp/commands/commands.go

@@ -0,0 +1,100 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"sort"
+	"time"
+
+	"gopkg.in/AlecAivazis/survey.v1"
+
+	"github.com/mitchell/selfpass/services/credentials/types"
+)
+
+type CredentialClientInit func(ctx context.Context) (c types.CredentialClient)
+
+func check(err error) {
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}
+
+func selectCredential(client types.CredentialClient) types.Credential {
+	var (
+		idKey  string
+		source string
+		prompt survey.Prompt
+	)
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
+	defer cancel()
+
+	mdch, errch := client.GetAllMetadata(ctx, "")
+	mds := map[string][]types.Metadata{}
+
+	fmt.Println()
+
+receive:
+	for {
+		select {
+		case <-ctx.Done():
+			check(ctx.Err())
+
+		case err := <-errch:
+			check(err)
+
+		case md, ok := <-mdch:
+			if !ok {
+				break receive
+			}
+
+			mds[md.SourceHost] = append(mds[md.SourceHost], md)
+		}
+	}
+
+	sources := []string{}
+	for source := range mds {
+		sources = append(sources, source)
+	}
+
+	sort.Strings(sources)
+
+	prompt = &survey.Select{
+		Message:  "Source host:",
+		Options:  sources,
+		PageSize: 20,
+		VimMode:  true,
+	}
+
+	check(survey.AskOne(prompt, &source, nil))
+
+	keys := []string{}
+	keyIDMap := map[string]string{}
+	for _, md := range mds[source] {
+		key := md.Primary
+		if md.Tag != "" {
+			key += "-" + md.Tag
+		}
+		keys = append(keys, key)
+		keyIDMap[key] = md.ID
+	}
+
+	prompt = &survey.Select{
+		Message:  "Primary user key (and tag):",
+		Options:  keys,
+		PageSize: 20,
+		VimMode:  true,
+	}
+
+	check(survey.AskOne(prompt, &idKey, nil))
+
+	ctx, cancel = context.WithTimeout(context.Background(), time.Second*5)
+	defer cancel()
+
+	cred, err := client.Get(ctx, keyIDMap[idKey])
+	check(err)
+
+	return cred
+}

sp/commands/create.go

@@ -0,0 +1,155 @@
+package commands
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/atotto/clipboard"
+	"github.com/pquerna/otp/totp"
+	"github.com/spf13/cobra"
+	"gopkg.in/AlecAivazis/survey.v1"
+
+	"github.com/mitchell/selfpass/services/credentials/types"
+	"github.com/mitchell/selfpass/sp/crypto"
+	clitypes "github.com/mitchell/selfpass/sp/types"
+)
+
+func makeCreate(repo clitypes.ConfigRepo, initClient CredentialClientInit) *cobra.Command {
+	var length uint
+	var numbers bool
+	var specials bool
+
+	createCmd := &cobra.Command{
+		Use:   "create",
+		Short: "Create a credential in Selfpass",
+		Long: `Create a credential in Selfpass, and save it to the server after encrypting the
+password.`,
+
+		Run: func(_ *cobra.Command, args []string) {
+			var (
+				otp     bool
+				cleancb bool
+				newpass bool
+				ci      types.CredentialInput
+			)
+
+			masterpass, cfg, err := repo.OpenConfig()
+			check(err)
+
+			mdqs := []*survey.Question{
+				{
+					Name:   "primary",
+					Prompt: &survey.Input{Message: "Primary user key:"},
+				},
+				{
+					Name:   "sourceHost",
+					Prompt: &survey.Input{Message: "Source host:"},
+				},
+				{
+					Name:   "loginURL",
+					Prompt: &survey.Input{Message: "Login url:"},
+				},
+				{
+					Name:   "tag",
+					Prompt: &survey.Input{Message: "Tag:"},
+				},
+			}
+			cqs := []*survey.Question{
+				{
+					Name:   "username",
+					Prompt: &survey.Input{Message: "Username:"},
+				},
+				{
+					Name:   "email",
+					Prompt: &survey.Input{Message: "Email:"},
+				},
+			}
+			check(survey.Ask(mdqs, &ci.MetadataInput))
+			check(survey.Ask(cqs, &ci))
+
+			key := cfg.GetString(clitypes.KeyPrivateKey)
+			keypass := crypto.GeneratePBKDF2Key([]byte(masterpass), []byte(key))
+
+			prompt := &survey.Confirm{Message: "Do you want a random password?", Default: true}
+			check(survey.AskOne(prompt, &newpass, nil))
+
+			if newpass {
+				ci.Password = crypto.GeneratePassword(int(length), numbers, specials)
+
+				var copypass bool
+				prompt = &survey.Confirm{Message: "Copy new pass to clipboard?", Default: true}
+				check(survey.AskOne(prompt, &copypass, nil))
+
+				if copypass {
+					check(clipboard.WriteAll(ci.Password))
+				}
+			} else {
+				prompt := &survey.Password{Message: "Password: "}
+				check(survey.AskOne(prompt, &ci.Password, nil))
+
+				var cpass string
+				prompt = &survey.Password{Message: "Confirm password: "}
+				check(survey.AskOne(prompt, &cpass, nil))
+
+				if ci.Password != cpass {
+					fmt.Println("passwords didn't match")
+					os.Exit(1)
+				}
+			}
+
+			cipherpass, err := crypto.CBCEncrypt(keypass, []byte(ci.Password))
+			check(err)
+
+			ci.Password = base64.StdEncoding.EncodeToString(cipherpass)
+
+			prompt = &survey.Confirm{Message: "Do you have an OTP/MFA secret?", Default: true}
+			check(survey.AskOne(prompt, &otp, nil))
+
+			if otp {
+				var secret string
+				prompt := &survey.Password{Message: "OTP secret:"}
+				check(survey.AskOne(prompt, &secret, nil))
+
+				ciphersecret, err := crypto.CBCEncrypt(keypass, []byte(secret))
+				check(err)
+
+				ci.OTPSecret = base64.StdEncoding.EncodeToString(ciphersecret)
+
+				var copyotp bool
+				prompt2 := &survey.Confirm{Message: "Copy new OTP to clipboard?", Default: true}
+				check(survey.AskOne(prompt2, &copyotp, nil))
+
+				if copyotp {
+					otp, err := totp.GenerateCode(secret, time.Now())
+					check(err)
+
+					check(clipboard.WriteAll(otp))
+				}
+			}
+
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second*25)
+			defer cancel()
+
+			c, err := initClient(ctx).Create(ctx, ci)
+			check(err)
+
+			fmt.Println(c)
+
+			prompt = &survey.Confirm{Message: "Do you want to clear the clipboard?", Default: true}
+			check(survey.AskOne(prompt, &cleancb, nil))
+
+			if cleancb {
+				check(clipboard.WriteAll(" "))
+			}
+		},
+	}
+
+	createCmd.Flags().BoolVarP(&numbers, "numbers", "n", true, "use numbers in the generated password")
+	createCmd.Flags().BoolVarP(&specials, "specials", "s", false, "use special characters in the generated password")
+	createCmd.Flags().UintVarP(&length, "length", "l", 32, "length of the generated password")
+
+	return createCmd
+}

sp/commands/decrypt.go

@@ -0,0 +1,50 @@
+package commands
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/mitchell/selfpass/sp/crypto"
+	"github.com/mitchell/selfpass/sp/types"
+)
+
+func makeDecrypt(repo types.ConfigRepo) *cobra.Command {
+	decryptCmd := &cobra.Command{
+		Use:   "decrypt [file]",
+		Short: "Decrypt a file using your masterpass and secret key",
+		Long: `Decrypt a file using your masterpass and secret key, and replace the old file with
+the new file.`,
+		Args: cobra.ExactArgs(1),
+
+		Run: func(cmd *cobra.Command, args []string) {
+			masterpass, cfg, err := repo.OpenConfig()
+			check(err)
+
+			file := args[0]
+			fileout := file
+
+			if file[len(file)-4:] == ".enc" {
+				fileout = file[:len(file)-4]
+			}
+
+			contents, err := ioutil.ReadFile(file)
+			check(err)
+
+			key := cfg.GetString(types.KeyPrivateKey)
+			passkey := crypto.GeneratePBKDF2Key([]byte(masterpass), []byte(key))
+
+			contents, err = crypto.GCMDecrypt(passkey, contents)
+			check(err)
+
+			check(ioutil.WriteFile(fileout, contents, 0600))
+			check(os.Remove(file))
+
+			fmt.Println("Decrypted file: ", fileout)
+		},
+	}
+
+	return decryptCmd
+}

sp/commands/decrypt_cfg.go

@@ -0,0 +1,28 @@
+package commands
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	"github.com/mitchell/selfpass/sp/types"
+)
+
+func makeDecryptCfg(repo types.ConfigRepo) *cobra.Command {
+	decryptCfg := &cobra.Command{
+		Use:   "decrypt-cfg",
+		Short: "Decrypt your config file",
+		Long:  "Decrypt your config file, so you can access your private key, host, and certs.",
+
+		Run: func(cmd *cobra.Command, args []string) {
+			_, _, err := repo.OpenConfig()
+			check(err)
+
+			check(repo.DecryptConfig())
+
+			fmt.Println("Config decrypted. It will automatically encrypt next run of sp.")
+		},
+	}
+
+	return decryptCfg
+}

sp/commands/delete.go

@@ -0,0 +1,42 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/spf13/cobra"
+	"gopkg.in/AlecAivazis/survey.v1"
+)
+
+func makeDelete(initClient CredentialClientInit) *cobra.Command {
+	deleteCmd := &cobra.Command{
+		Use:   "delete",
+		Short: "Delete a credential using the given ID",
+		Long:  `Delete a credential using the given ID, permanently. THERE IS NO UNDOING THIS ACTION.`,
+
+		Run: func(cmd *cobra.Command, args []string) {
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second*15)
+			defer cancel()
+
+			client := initClient(ctx)
+
+			cred := selectCredential(client)
+
+			fmt.Println(cred)
+
+			var confirmed bool
+			prompt := &survey.Confirm{Message: "Are you sure you want to permanently delete this credential?"}
+			check(survey.AskOne(prompt, &confirmed, nil))
+
+			if confirmed {
+				ctx, cancel := context.WithTimeout(context.Background(), time.Second*25)
+				defer cancel()
+
+				check(initClient(ctx).Delete(ctx, cred.ID))
+			}
+		},
+	}
+
+	return deleteCmd
+}

sp/commands/encrypt.go

@@ -0,0 +1,46 @@
+package commands
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/mitchell/selfpass/sp/crypto"
+	"github.com/mitchell/selfpass/sp/types"
+)
+
+func makeEncrypt(repo types.ConfigRepo) *cobra.Command {
+	encryptCmd := &cobra.Command{
+		Use:   "encrypt [file]",
+		Short: "Encrypt a file using your masterpass and secret key",
+		Long: `Encrypt a file using your masterpass and secret key, and replace the old file with the
+new file.`,
+		Args: cobra.ExactArgs(1),
+
+		Run: func(cmd *cobra.Command, args []string) {
+			masterpass, cfg, err := repo.OpenConfig()
+			check(err)
+
+			file := args[0]
+			fileEnc := file + ".enc"
+
+			contents, err := ioutil.ReadFile(file)
+			check(err)
+
+			key := cfg.GetString(types.KeyPrivateKey)
+			passkey := crypto.GeneratePBKDF2Key([]byte(masterpass), []byte(key))
+
+			contents, err = crypto.GCMEncrypt(passkey, contents)
+			check(err)
+
+			check(ioutil.WriteFile(fileEnc, contents, 0600))
+			check(os.Remove(file))
+
+			fmt.Println("Encrypted file: ", fileEnc)
+		},
+	}
+
+	return encryptCmd
+}

sp/commands/gcm-to-cbc.go

@@ -0,0 +1,109 @@
+package commands
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"time"
+
+	"github.com/spf13/cobra"
+
+	"github.com/mitchell/selfpass/services/credentials/types"
+	"github.com/mitchell/selfpass/sp/crypto"
+	clitypes "github.com/mitchell/selfpass/sp/types"
+)
+
+func makeGCMToCBC(repo clitypes.ConfigRepo, initClient CredentialClientInit) *cobra.Command {
+	gcmToCBC := &cobra.Command{
+		Use:    "gcm-to-cbc",
+		Hidden: true,
+
+		Run: func(cmd *cobra.Command, args []string) {
+			masterpass, cfg, err := repo.OpenConfig()
+			check(err)
+
+			privKey := cfg.GetString(clitypes.KeyPrivateKey)
+
+			fmt.Println(privKey)
+
+			oldHex, err := hex.DecodeString(privKey)
+			check(err)
+
+			oldKey, err := crypto.CombinePasswordAndKey([]byte(masterpass), oldHex)
+			check(err)
+
+			key := crypto.GeneratePBKDF2Key([]byte(masterpass), []byte(privKey))
+
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
+			defer cancel()
+
+			client := initClient(ctx)
+
+			mdch, errch := client.GetAllMetadata(ctx, "")
+
+		receive:
+			for {
+				select {
+				case <-ctx.Done():
+					check(ctx.Err())
+
+				case err := <-errch:
+					check(err)
+
+				case md, ok := <-mdch:
+					if !ok {
+						break receive
+					}
+
+					cred, err := client.Get(ctx, md.ID)
+					check(err)
+
+					cipherpass, err := base64.StdEncoding.DecodeString(cred.Password)
+					check(err)
+
+					plainpass, err := crypto.GCMDecrypt(oldKey, cipherpass)
+					check(err)
+
+					cipherpass, err = crypto.CBCEncrypt(key, plainpass)
+					check(err)
+
+					password := base64.StdEncoding.EncodeToString(cipherpass)
+
+					var otpSecret string
+
+					if cred.OTPSecret != "" {
+						ciphersecret, err := base64.StdEncoding.DecodeString(cred.OTPSecret)
+						check(err)
+
+						plainsecret, err := crypto.GCMDecrypt(oldKey, ciphersecret)
+						check(err)
+
+						ciphersecret, err = crypto.CBCEncrypt(key, plainsecret)
+						check(err)
+
+						otpSecret = base64.StdEncoding.EncodeToString(ciphersecret)
+					}
+
+					credIn := types.CredentialInput{
+						MetadataInput: types.MetadataInput{
+							Primary:    cred.Primary,
+							SourceHost: cred.SourceHost,
+							LoginURL:   cred.LoginURL,
+							Tag:        cred.Tag,
+						},
+						Username:  cred.Username,
+						Email:     cred.Email,
+						Password:  password,
+						OTPSecret: otpSecret,
+					}
+
+					_, err = client.Update(ctx, cred.ID, credIn)
+					check(err)
+				}
+			}
+		},
+	}
+
+	return gcmToCBC
+}

sp/commands/get.go

@@ -0,0 +1,94 @@
+package commands
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"time"
+
+	"github.com/atotto/clipboard"
+	"github.com/pquerna/otp/totp"
+	"github.com/spf13/cobra"
+	"gopkg.in/AlecAivazis/survey.v1"
+
+	"github.com/mitchell/selfpass/sp/crypto"
+	clitypes "github.com/mitchell/selfpass/sp/types"
+)
+
+func makeGet(repo clitypes.ConfigRepo, initClient CredentialClientInit) *cobra.Command {
+	getCmd := &cobra.Command{
+		Use:   "get",
+		Short: "Get a credential info and copy password to clipboard",
+		Long: `Get a credential's info and copy password to clipboard, from Selfpass server, after
+decrypting password.`,
+
+		Run: func(cmd *cobra.Command, args []string) {
+			var (
+				copyPass bool
+				cleancb  bool
+				prompt   survey.Prompt
+			)
+
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second*15)
+			defer cancel()
+
+			client := initClient(ctx)
+			masterpass, cfg, err := repo.OpenConfig()
+			check(err)
+
+			cred := selectCredential(client)
+
+			fmt.Println(cred)
+
+			check(clipboard.WriteAll(string(cred.Primary)))
+
+			fmt.Println("Wrote primary user key to clipboard.")
+
+			key := cfg.GetString(clitypes.KeyPrivateKey)
+			passkey := crypto.GeneratePBKDF2Key([]byte(masterpass), []byte(key))
+
+			prompt = &survey.Confirm{Message: "Copy password to clipboard?", Default: true}
+			check(survey.AskOne(prompt, &copyPass, nil))
+
+			if copyPass {
+				passbytes, err := base64.StdEncoding.DecodeString(cred.Password)
+				check(err)
+
+				plainpass, err := crypto.CBCDecrypt(passkey, passbytes)
+
+				check(clipboard.WriteAll(string(plainpass)))
+
+				fmt.Println("Wrote password to clipboard.")
+			}
+
+			if cred.OTPSecret != "" {
+				var newOTP bool
+				prompt = &survey.Confirm{Message: "Generate one time password and copy to clipboard?", Default: true}
+				check(survey.AskOne(prompt, &newOTP, nil))
+
+				if newOTP {
+					secretbytes, err := base64.StdEncoding.DecodeString(cred.OTPSecret)
+					check(err)
+
+					plainsecret, err := crypto.CBCDecrypt(passkey, secretbytes)
+
+					otp, err := totp.GenerateCode(string(plainsecret), time.Now())
+					check(err)
+
+					check(clipboard.WriteAll(otp))
+
+					fmt.Println("Wrote one time password to clipboard.")
+				}
+			}
+
+			prompt = &survey.Confirm{Message: "Do you want to clear the clipboard?", Default: true}
+			check(survey.AskOne(prompt, &cleancb, nil))
+
+			if cleancb {
+				check(clipboard.WriteAll(" "))
+			}
+		},
+	}
+
+	return getCmd
+}

sp/commands/init.go

@@ -0,0 +1,87 @@
+package commands
+
+import (
+	"fmt"
+	"io/ioutil"
+	"strings"
+
+	"github.com/google/uuid"
+	"github.com/spf13/cobra"
+	"gopkg.in/AlecAivazis/survey.v1"
+
+	"github.com/mitchell/selfpass/sp/types"
+)
+
+func makeInit(repo types.ConfigRepo) *cobra.Command {
+	initCmd := &cobra.Command{
+		Use:   "init",
+		Short: "This command initializes SPC for the first time",
+		Long: `This command initializes SPC for the first time. Writing to the user configuration
+the users private key, and server certificates. (All of which will be encrypted)`,
+		Run: func(cmd *cobra.Command, args []string) {
+			var (
+				hasPK       bool
+				masterpass  string
+				cmasterpass string
+				target      string
+				caFile      string
+				certFile    string
+				keyFile     string
+				prompt      survey.Prompt
+				privateKey  = strings.Replace(uuid.New().String(), "-", "", -1)
+			)
+			_, cfg, _ := repo.OpenConfig()
+
+			prompt = &survey.Password{Message: "New master password:"}
+			check(survey.AskOne(prompt, &masterpass, nil))
+
+			prompt = &survey.Password{Message: "Confirm master password:"}
+			check(survey.AskOne(prompt, &cmasterpass, nil))
+			if masterpass != cmasterpass {
+				check(fmt.Errorf("master passwords didn't match"))
+			}
+
+			repo.SetMasterpass(masterpass)
+
+			prompt = &survey.Input{Message: "Selfpass server address:"}
+			check(survey.AskOne(prompt, &target, nil))
+
+			prompt = &survey.Confirm{Message: "Do you have a private key?"}
+			check(survey.AskOne(prompt, &hasPK, nil))
+
+			if hasPK {
+				prompt = &survey.Password{Message: "Private key:"}
+				check(survey.AskOne(prompt, &privateKey, nil))
+				privateKey = strings.Replace(privateKey, "-", "", -1)
+			}
+
+			prompt = &survey.Input{Message: "CA certificate file:"}
+			check(survey.AskOne(prompt, &caFile, nil))
+			ca, err := ioutil.ReadFile(caFile)
+			check(err)
+
+			prompt = &survey.Input{Message: "Client certificate file:"}
+			check(survey.AskOne(prompt, &certFile, nil))
+			cert, err := ioutil.ReadFile(certFile)
+			check(err)
+
+			prompt = &survey.Input{Message: "Client key file:"}
+			check(survey.AskOne(prompt, &keyFile, nil))
+			key, err := ioutil.ReadFile(keyFile)
+			check(err)
+
+			cfg.Set(types.KeyConnConfig, map[string]string{
+				"target": target,
+				"ca":     string(ca),
+				"cert":   string(cert),
+				"key":    string(key),
+			})
+
+			cfg.Set(types.KeyPrivateKey, privateKey)
+
+			check(repo.WriteConfig())
+		},
+	}
+
+	return initCmd
+}

sp/commands/list.go

@@ -0,0 +1,77 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"sort"
+	"time"
+
+	"github.com/spf13/cobra"
+	"gopkg.in/AlecAivazis/survey.v1"
+
+	"github.com/mitchell/selfpass/services/credentials/types"
+)
+
+func makeList(initClient CredentialClientInit) *cobra.Command {
+	var sourceHost string
+
+	listCmd := &cobra.Command{
+		Use:   "list",
+		Short: "List the metadata for all credentials",
+		Long: `List the metadata for all credentials, with the option to filter by source host. Metadata
+includes almost all the information but the most sensitive.`,
+
+		Run: func(cmd *cobra.Command, args []string) {
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second*20)
+			defer cancel()
+
+			mdch, errch := initClient(ctx).GetAllMetadata(ctx, sourceHost)
+			mds := map[string][]types.Metadata{}
+
+			fmt.Println()
+
+		receive:
+			for {
+				select {
+				case <-ctx.Done():
+					check(ctx.Err())
+
+				case err := <-errch:
+					check(err)
+
+				case md, ok := <-mdch:
+					if !ok {
+						break receive
+					}
+
+					mds[md.SourceHost] = append(mds[md.SourceHost], md)
+				}
+			}
+
+			sources := []string{}
+			for source := range mds {
+				sources = append(sources, source)
+			}
+
+			sort.Strings(sources)
+
+			prompt := &survey.Select{
+				Message:  "Source host:",
+				Options:  sources,
+				PageSize: 20,
+				VimMode:  true,
+			}
+
+			var source string
+			check(survey.AskOne(prompt, &source, nil))
+
+			for _, md := range mds[source] {
+				fmt.Println(md)
+			}
+
+			fmt.Println("Done listing.")
+		},
+	}
+
+	return listCmd
+}

sp/commands/root.go

@@ -0,0 +1,62 @@
+package commands
+
+import (
+	"context"
+
+	"github.com/spf13/cobra"
+
+	credrepos "github.com/mitchell/selfpass/services/credentials/repositories"
+	credtypes "github.com/mitchell/selfpass/services/credentials/types"
+	"github.com/mitchell/selfpass/sp/repositories"
+	"github.com/mitchell/selfpass/sp/types"
+)
+
+func Execute() {
+	rootCmd := &cobra.Command{
+		Use:   "sp",
+		Short: "This is the CLI client for Selfpass.",
+		Long: `This is the CLI client for Selfpass, the self-hosted password manager. With this tool you
+can interact with the entire Selfpass API.`,
+		Version: "v0.1.0",
+	}
+
+	cfgFile := rootCmd.PersistentFlags().String("config", "", "config file (default is $HOME/.sp.toml)")
+
+	mgr := repositories.NewConfigManager(cfgFile)
+	clientInit := credrepos.NewCredentialServiceClient
+
+	rootCmd.AddCommand(
+		makeInit(mgr),
+		makeEncrypt(mgr),
+		makeDecrypt(mgr),
+		makeDecryptCfg(mgr),
+		makeList(makeInitClient(mgr, clientInit)),
+		makeCreate(mgr, makeInitClient(mgr, clientInit)),
+		makeUpdate(mgr, makeInitClient(mgr, clientInit)),
+		makeGet(mgr, makeInitClient(mgr, clientInit)),
+		makeDelete(makeInitClient(mgr, clientInit)),
+		makeGCMToCBC(mgr, makeInitClient(mgr, clientInit)),
+	)
+
+	check(rootCmd.Execute())
+}
+
+func makeInitClient(repo types.ConfigRepo, initClient credtypes.CredentialClientInit) CredentialClientInit {
+	return func(ctx context.Context) credtypes.CredentialClient {
+		_, cfg, err := repo.OpenConfig()
+		check(err)
+
+		connConfig := cfg.GetStringMapString(types.KeyConnConfig)
+
+		client, err := initClient(
+			ctx,
+			connConfig["target"],
+			connConfig["ca"],
+			connConfig["cert"],
+			connConfig["key"],
+		)
+		check(err)
+
+		return client
+	}
+}

sp/commands/update.go

@@ -0,0 +1,190 @@
+package commands
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/atotto/clipboard"
+	"github.com/pquerna/otp/totp"
+	"github.com/spf13/cobra"
+	"gopkg.in/AlecAivazis/survey.v1"
+
+	"github.com/mitchell/selfpass/services/credentials/types"
+	"github.com/mitchell/selfpass/sp/crypto"
+	clitypes "github.com/mitchell/selfpass/sp/types"
+)
+
+func makeUpdate(repo clitypes.ConfigRepo, initClient CredentialClientInit) *cobra.Command {
+	var length uint
+	var numbers bool
+	var specials bool
+
+	updateCmd := &cobra.Command{
+		Use:   "update",
+		Short: "Update a credential in Selfpass",
+		Long: `Update a credential in Selfpass, and save it to the server after encrypting the
+password.`,
+
+		Run: func(_ *cobra.Command, args []string) {
+			var (
+				newpass bool
+				otp     bool
+				cleancb bool
+				prompt  survey.Prompt
+				ci      types.CredentialInput
+			)
+
+			masterpass, cfg, err := repo.OpenConfig()
+			check(err)
+
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second*15)
+			defer cancel()
+
+			client := initClient(ctx)
+
+			cred := selectCredential(client)
+
+			mdqs := []*survey.Question{
+				{
+					Name: "primary",
+					Prompt: &survey.Input{
+						Message: "Primary user key:",
+						Default: cred.Primary,
+					},
+				},
+				{
+					Name: "sourceHost",
+					Prompt: &survey.Input{
+						Message: "Source host:",
+						Default: cred.SourceHost,
+					},
+				},
+				{
+					Name: "loginURL",
+					Prompt: &survey.Input{
+						Message: "Login url:",
+						Default: cred.LoginURL,
+					},
+				},
+				{
+					Name: "tag",
+					Prompt: &survey.Input{
+						Message: "Tag:",
+						Default: cred.Tag,
+					},
+				},
+			}
+			cqs := []*survey.Question{
+				{
+					Name: "username",
+					Prompt: &survey.Input{
+						Message: "Username:",
+						Default: cred.Username,
+					},
+				},
+				{
+					Name: "email",
+					Prompt: &survey.Input{
+						Message: "Email:",
+						Default: cred.Email,
+					},
+				},
+			}
+			check(survey.Ask(mdqs, &ci.MetadataInput))
+			check(survey.Ask(cqs, &ci))
+
+			ci.Password = cred.Password
+			ci.OTPSecret = cred.OTPSecret
+
+			key := cfg.GetString(clitypes.KeyPrivateKey)
+			keypass := crypto.GeneratePBKDF2Key([]byte(masterpass), []byte(key))
+
+			prompt = &survey.Confirm{Message: "Do you want a new password?", Default: true}
+			check(survey.AskOne(prompt, &newpass, nil))
+
+			if newpass {
+				var randpass bool
+				prompt = &survey.Confirm{Message: "Do you want a random password?", Default: true}
+				check(survey.AskOne(prompt, &randpass, nil))
+
+				if randpass {
+					ci.Password = crypto.GeneratePassword(int(length), numbers, specials)
+
+					var copypass bool
+					prompt = &survey.Confirm{Message: "Copy new pass to clipboard?", Default: true}
+					check(survey.AskOne(prompt, &copypass, nil))
+
+					if copypass {
+						check(clipboard.WriteAll(ci.Password))
+					}
+				} else {
+					prompt := &survey.Password{Message: "Password: "}
+					check(survey.AskOne(prompt, &ci.Password, nil))
+
+					var cpass string
+					prompt = &survey.Password{Message: "Confirm password: "}
+					check(survey.AskOne(prompt, &cpass, nil))
+
+					if ci.Password != cpass {
+						fmt.Println("passwords didn't match")
+						os.Exit(1)
+					}
+				}
+
+				cipherpass, err := crypto.CBCEncrypt(keypass, []byte(ci.Password))
+				check(err)
+
+				ci.Password = base64.StdEncoding.EncodeToString(cipherpass)
+			}
+
+			prompt = &survey.Confirm{Message: "Do you want to set a new OTP/MFA secret?", Default: true}
+			check(survey.AskOne(prompt, &otp, nil))
+
+			if otp {
+				var secret string
+				prompt := &survey.Password{Message: "OTP secret:"}
+				check(survey.AskOne(prompt, &secret, nil))
+
+				ciphersecret, err := crypto.CBCEncrypt(keypass, []byte(secret))
+				check(err)
+
+				ci.OTPSecret = base64.StdEncoding.EncodeToString(ciphersecret)
+
+				var copyotp bool
+				prompt2 := &survey.Confirm{Message: "Copy new OTP to clipboard?", Default: true}
+				check(survey.AskOne(prompt2, &copyotp, nil))
+
+				if copyotp {
+					otp, err := totp.GenerateCode(secret, time.Now())
+					check(err)
+
+					check(clipboard.WriteAll(otp))
+				}
+			}
+
+			ctx, cancel = context.WithTimeout(context.Background(), time.Second*25)
+			defer cancel()
+
+			c, err := initClient(ctx).Update(ctx, cred.ID, ci)
+			check(err)
+
+			fmt.Println(c)
+
+			prompt = &survey.Confirm{Message: "Do you want to clear the clipboard?", Default: true}
+			check(survey.AskOne(prompt, &cleancb, nil))
+
+			if cleancb {
+				check(clipboard.WriteAll(" "))
+			}
+		},
+	}
+
+	updateCmd.Flags().BoolVarP(&numbers, "numbers", "n", true, "use numbers in the generated password")
+	updateCmd.Flags().BoolVarP(&specials, "specials", "s", false, "use special characters in the generated password")
+	updateCmd.Flags().UintVarP(&length, "length", "l", 32, "length of the generated password")
+
+	return updateCmd
+}