Implemented all but update from cli client to server;

solidified encryption;
setup deployment mechanism for GCP

cli/commands/decrypt.go

@@ -0,0 +1,52 @@
+package commands
+
+import (
+	"encoding/hex"
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+
+	"github.com/mitchell/selfpass/credentials/commands"
+	"github.com/mitchell/selfpass/crypto"
+)
+
+func makeDecrypt(masterpass string, cfg *viper.Viper) *cobra.Command {
+	decryptCmd := &cobra.Command{
+		Use:   "decrypt [file]",
+		Short: "Decrypt a file using your masterpass and secret key",
+		Long: `Decrypt a file using your masterpass and secret key, and replace the old file with
+the new file.`,
+		Args: cobra.ExactArgs(1),
+
+		Run: func(cmd *cobra.Command, args []string) {
+			file := args[0]
+			fileout := file
+
+			if file[len(file)-4:] == ".enc" {
+				fileout = file[:len(file)-4]
+			}
+
+			contents, err := ioutil.ReadFile(file)
+			check(err)
+
+			key, err := hex.DecodeString(cfg.GetString(commands.KeyPrivateKey))
+			check(err)
+
+			passkey, err := crypto.CombinePasswordAndKey([]byte(masterpass), []byte(key))
+			check(err)
+
+			contents, err = crypto.CBCDecrypt(passkey, contents)
+			check(err)
+
+			check(ioutil.WriteFile(fileout, contents, 0600))
+			check(os.Remove(file))
+
+			fmt.Println("Decrypted file: ", fileout)
+		},
+	}
+
+	return decryptCmd
+}

cli/commands/encrypt.go

@@ -0,0 +1,48 @@
+package commands
+
+import (
+	"encoding/hex"
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+
+	"github.com/mitchell/selfpass/credentials/commands"
+	"github.com/mitchell/selfpass/crypto"
+)
+
+func makeEncrypt(masterpass string, cfg *viper.Viper) *cobra.Command {
+	encryptCmd := &cobra.Command{
+		Use:   "encrypt [file]",
+		Short: "Encrypt a file using your masterpass and secret key",
+		Long: `Encrypt a file using your masterpass and secret key, and replace the old file with the
+new file.`,
+		Args: cobra.ExactArgs(1),
+
+		Run: func(cmd *cobra.Command, args []string) {
+			file := args[0]
+			fileEnc := file + ".enc"
+
+			contents, err := ioutil.ReadFile(file)
+			check(err)
+
+			key, err := hex.DecodeString(cfg.GetString(commands.KeyPrivateKey))
+			check(err)
+
+			passkey, err := crypto.CombinePasswordAndKey([]byte(masterpass), []byte(key))
+			check(err)
+
+			contents, err = crypto.CBCEncrypt(passkey, contents)
+			check(err)
+
+			check(ioutil.WriteFile(fileEnc, contents, 0600))
+			check(os.Remove(file))
+
+			fmt.Println("Encrypted file: ", fileEnc)
+		},
+	}
+
+	return encryptCmd
+}

cli/commands/init.go

@@ -0,0 +1,95 @@
+package commands
+
+import (
+	"fmt"
+	"io/ioutil"
+	"strings"
+
+	"github.com/google/uuid"
+	"github.com/mitchellh/go-homedir"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"gopkg.in/AlecAivazis/survey.v1"
+
+	"github.com/mitchell/selfpass/credentials/commands"
+)
+
+func makeInit(cfg *viper.Viper) *cobra.Command {
+	initCmd := &cobra.Command{
+		Use:   "init",
+		Short: "This command initializes SPC for the first time",
+		Long: `This command initializes SPC for the first time. Writing to the user configuration
+the users private key, and server certificates. (All of which will be encrypted)`,
+		Run: func(cmd *cobra.Command, args []string) {
+			var (
+				hasPK       bool
+				masterpass  string
+				cmasterpass string
+				target      string
+				caFile      string
+				certFile    string
+				keyFile     string
+				prompt      survey.Prompt
+				privateKey  = strings.Replace(uuid.New().String(), "-", "", -1)
+			)
+
+			prompt = &survey.Password{Message: "New master password:"}
+			check(survey.AskOne(prompt, &masterpass, nil))
+
+			prompt = &survey.Password{Message: "Confirm master password:"}
+			check(survey.AskOne(prompt, &cmasterpass, nil))
+			if masterpass != cmasterpass {
+				check(fmt.Errorf("master passwords didn't match"))
+			}
+
+			prompt = &survey.Input{Message: "Selfpass server address:"}
+			check(survey.AskOne(prompt, &target, nil))
+
+			prompt = &survey.Confirm{Message: "Do you have a private key?"}
+			check(survey.AskOne(prompt, &hasPK, nil))
+
+			if hasPK {
+				prompt = &survey.Input{Message: "Private key:"}
+				check(survey.AskOne(prompt, &privateKey, nil))
+				privateKey = strings.Replace(privateKey, "-", "", -1)
+			}
+
+			prompt = &survey.Input{Message: "CA certificate file:"}
+			check(survey.AskOne(prompt, &caFile, nil))
+			ca, err := ioutil.ReadFile(caFile)
+			check(err)
+
+			prompt = &survey.Input{Message: "Client certificate file:"}
+			check(survey.AskOne(prompt, &certFile, nil))
+			cert, err := ioutil.ReadFile(certFile)
+			check(err)
+
+			prompt = &survey.Input{Message: "Client key file:"}
+			check(survey.AskOne(prompt, &keyFile, nil))
+			key, err := ioutil.ReadFile(keyFile)
+			check(err)
+
+			cfg.Set(keyConnConfig, map[string]string{
+				"target": target,
+				"ca":     string(ca),
+				"cert":   string(cert),
+				"key":    string(key),
+			})
+
+			cfg.Set(commands.KeyPrivateKey, privateKey)
+
+			if err := cfg.WriteConfig(); err != nil {
+				home, err := homedir.Dir()
+				check(err)
+
+				check(cfg.WriteConfigAs(home + "/.spc.toml"))
+				cfg.SetConfigFile(home + "/.spc.toml")
+				fmt.Println("Wrote new config to: " + home + "/.spc.toml")
+			}
+
+			encryptConfig(masterpass, cfg)
+		},
+	}
+
+	return initCmd
+}

cli/commands/root.go

@@ -0,0 +1,160 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+
+	"github.com/mitchellh/go-homedir"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"gopkg.in/AlecAivazis/survey.v1"
+
+	"github.com/mitchell/selfpass/credentials/commands"
+	credtypes "github.com/mitchell/selfpass/credentials/types"
+	"github.com/mitchell/selfpass/crypto"
+)
+
+func Execute(initClient credtypes.CredentialClientInit) {
+	rootCmd := &cobra.Command{
+		Use:   "spc",
+		Short: "This is the CLI client for Selfpass.",
+		Long: `This is the CLI client for Selfpass, the self-hosted password manager. With this tool you
+can interact with the entire Selfpass API.`,
+		Version: "v0.1.0",
+	}
+	rootCmd.InitDefaultHelpFlag()
+	rootCmd.InitDefaultVersionFlag()
+
+	cfgFile := rootCmd.PersistentFlags().String("config", "", "config file (default is $HOME/.spc.toml)")
+	decryptCfg := rootCmd.Flags().Bool("decrypt-cfg", false, "decrypt config file")
+	check(rootCmd.ParseFlags(os.Args))
+	encryptCfg := !*decryptCfg
+
+	var masterpass string
+	var cfg *viper.Viper
+	needsCfg := (len(os.Args) > 1 && !strings.Contains(strings.Join(os.Args, "--"), "--help")) || *decryptCfg
+
+	if needsCfg {
+		masterpass, cfg = openConfig(*cfgFile)
+		if encryptCfg && masterpass != "" {
+			defer encryptConfig(masterpass, cfg)
+		}
+		if *decryptCfg {
+			fmt.Println("Decrypting config file. It will auto-encrypt when you next run of spc.")
+			return
+		}
+	}
+
+	rootCmd.AddCommand(makeInit(cfg))
+	rootCmd.AddCommand(makeEncrypt(masterpass, cfg))
+	rootCmd.AddCommand(makeDecrypt(masterpass, cfg))
+	rootCmd.AddCommand(commands.MakeList(makeInitClient(cfg, initClient)))
+	rootCmd.AddCommand(commands.MakeCreate(masterpass, cfg, makeInitClient(cfg, initClient)))
+	rootCmd.AddCommand(commands.MakeGet(masterpass, cfg, makeInitClient(cfg, initClient)))
+	rootCmd.AddCommand(commands.MakeDelete(makeInitClient(cfg, initClient)))
+
+	check(rootCmd.Execute())
+}
+
+func makeInitClient(cfg *viper.Viper, initClient credtypes.CredentialClientInit) commands.CredentialClientInit {
+	return func(ctx context.Context) credtypes.CredentialClient {
+		connConfig := cfg.GetStringMapString(keyConnConfig)
+
+		client, err := initClient(
+			ctx,
+			connConfig["target"],
+			connConfig["ca"],
+			connConfig["cert"],
+			connConfig["key"],
+		)
+		if err != nil {
+			fmt.Printf("Please run 'init' command before running API commands.\nError Message: %s\n", err)
+			os.Exit(1)
+		}
+
+		return client
+	}
+}
+
+func openConfig(cfgFile string) (masterpass string, v *viper.Viper) {
+	v = viper.New()
+	v.SetConfigType("toml")
+
+	if cfgFile != "" {
+		// Use config file from the flag.
+		v.SetConfigFile(cfgFile)
+	} else {
+		// Find home directory.
+		home, err := homedir.Dir()
+		check(err)
+
+		// Search config in home directory with name ".spc" (without extension).
+		v.AddConfigPath(home)
+		v.SetConfigName(".spc")
+
+		cfgFile = home + "/.spc.toml"
+	}
+
+	if _, err := os.Open(cfgFile); !os.IsNotExist(err) {
+		prompt := &survey.Password{Message: "Master password:"}
+		check(survey.AskOne(prompt, &masterpass, nil))
+
+		decryptConfig(masterpass, cfgFile)
+	}
+
+	//v.AutomaticEnv() // read in environment variables that match
+
+	// If a config file is found, read it in.
+	if err := v.ReadInConfig(); err == nil {
+		fmt.Println("Using config file:", v.ConfigFileUsed())
+	}
+
+	return masterpass, v
+}
+
+func decryptConfig(masterpass string, cfgFile string) {
+	contents, err := ioutil.ReadFile(cfgFile)
+	check(err)
+
+	passkey, err := crypto.GenerateKeyFromPassword([]byte(masterpass))
+	check(err)
+
+	contents, err = crypto.CBCDecrypt(passkey, contents)
+	if err != nil && err.Error() == "Padding incorrect" {
+		fmt.Println("incorrect master password")
+		os.Exit(1)
+	} else if err != nil && err.Error() == "ciphertext is not a multiple of the block size" {
+		fmt.Println("Config wasn't encrypted.")
+		return
+	}
+	check(err)
+
+	check(ioutil.WriteFile(cfgFile, contents, 0600))
+}
+
+func encryptConfig(masterpass string, cfg *viper.Viper) {
+	contents, err := ioutil.ReadFile(cfg.ConfigFileUsed())
+	if os.IsNotExist(err) {
+		return
+	}
+
+	keypass, err := crypto.GenerateKeyFromPassword([]byte(masterpass))
+	check(err)
+
+	contents, err = crypto.CBCEncrypt(keypass, contents)
+	check(err)
+
+	check(ioutil.WriteFile(cfg.ConfigFileUsed(), contents, 0600))
+}
+
+func check(err error) {
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}
+
+const keyConnConfig = "connection"