allow config encryption

2025-09-09 01:51:53 +00:00 · 2021-06-05 19:13:22 +02:00
parent 7f18396926
commit cbaf40bb82
11 changed files with 162 additions and 43 deletions
--- a/terminus-settings/src/components/vaultSettingsTab.component.pug
+++ b/terminus-settings/src/components/vaultSettingsTab.component.pug
@@ -1,13 +1,14 @@
-.text-center(*ngIf='!vault.enabled')
+.text-center(*ngIf='!vault.isEnabled()')
    i.fas.fa-key.fa-3x.m-3
    h3.m-3 Vault is not configured
    .m-3 Vault is an always-encrypted container for secrets such as SSH passwords and private key passphrases.
    button.btn.btn-primary.m-2((click)='enableVault()') Set master passphrase

-div(*ngIf='vault.enabled')
+
+div(*ngIf='vault.isEnabled()')
    .d-flex.align-items-center.mb-3
        h3.m-0 Vault
-        .d-flex.ml-auto(ngbDropdown, *ngIf='vault.enabled')
+        .d-flex.ml-auto(ngbDropdown, *ngIf='vault.isEnabled()')
            button.btn.btn-secondary(ngbDropdownToggle) Options
            div(ngbDropdownMenu)
                a(ngbDropdownItem, (click)='changePassphrase()')
@@ -29,6 +30,16 @@ div(*ngIf='vault.enabled')
                button.btn.btn-link((click)='removeSecret(secret)')
                    i.fas.fa-trash

+        h3.mt-5 Options
+        .form-line
+            .header
+                .title Encrypt config file
+                .description Puts all of Terminus configuration into the vault
+            toggle(
+                [ngModel]='config.store.encrypted',
+                (click)='toggleConfigEncrypted()',
+            )
+
    .text-center(*ngIf='!vaultContents')
        i.fas.fa-key.fa-3x
        h3.m-3 Vault is locked
--- a/terminus-settings/src/components/vaultSettingsTab.component.ts
+++ b/terminus-settings/src/components/vaultSettingsTab.component.ts
@@ -1,7 +1,7 @@
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
 import { Component } from '@angular/core'
 import { NgbModal } from '@ng-bootstrap/ng-bootstrap'
-import { BaseComponent, VaultService, VaultSecret, Vault, PlatformService } from 'terminus-core'
+import { BaseComponent, VaultService, VaultSecret, Vault, PlatformService, ConfigService } from 'terminus-core'
 import { SetVaultPassphraseModalComponent } from './setVaultPassphraseModal.component'


@@ -15,6 +15,7 @@ export class VaultSettingsTabComponent extends BaseComponent {

    constructor (
        public vault: VaultService,
+        public config: ConfigService,
        private platform: PlatformService,
        private ngbModal: NgbModal,
    ) {
@@ -60,6 +61,16 @@ export class VaultSettingsTabComponent extends BaseComponent {
        this.vault.save(this.vaultContents, newPassphrase)
    }

+    async toggleConfigEncrypted () {
+        this.config.store.encrypted = !this.config.store.encrypted
+        try {
+            await this.config.save()
+        } catch (e) {
+            this.config.store.encrypted = !this.config.store.encrypted
+            throw e
+        }
+    }
+
    getSecretLabel (secret: VaultSecret) {
        if (secret.type === 'ssh:password') {
            return `SSH password for ${secret.key.user}@${secret.key.host}:${secret.key.port}`