Use ENCRYPT_KEY_BASE64 as alternative to ENCRYPT_KEY

Author: everesio

Dockerfile

@@ -1,11 +1,11 @@
-FROM golang:1.14 as builder
+FROM golang:1.17 as builder
 
 ARG MAKE_TARGET="test build"
 
 WORKDIR "/code"
 ADD . "/code"
 RUN make BINARY=spring-config-decryptor ${MAKE_TARGET}
 
-FROM alpine:3.12
+FROM scratch
 COPY --from=builder /code/spring-config-decryptor /spring-config-decryptor
 ENTRYPOINT ["/spring-config-decryptor"]

Dockerfile.build

@@ -1,4 +1,4 @@
-FROM golang:1.14 as builder
+FROM golang:1.17 as builder
 
 ARG GOOS=linux
 ARG GOARCH=amd64

Makefile

@@ -2,7 +2,7 @@
 
 .PHONY: clean build fmt test
 
-TAG           ?= "v0.0.3"
+TAG           ?= "v0.0.4"
 
 BUILD_FLAGS   ?=
 BINARY        ?= spring-config-decryptor

README.md

@@ -15,15 +15,15 @@ The secret values are base64 encoded and start with `{cipher}` prefix.
 
    Linux
 
-        curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.2/spring-config-decryptor-v0.0.2-linux-amd64.tar.gz | tar xz
+        curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-linux-amd64.tar.gz | tar xz
 
    macOS
 
-        curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.2/spring-config-decryptor-v0.0.2-darwin-amd64.tar.gz | tar xz
+        curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-darwin-amd64.tar.gz | tar xz
 
    windows
 
-        curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.2/spring-config-decryptor-v0.0.2-windows-amd64.tar.gz | tar xz
+        curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-windows-amd64.tar.gz | tar xz
 
 
 2. Move the binary in to your PATH.
@@ -62,7 +62,7 @@ The secret values are base64 encoded and start with `{cipher}` prefix.
       -f string
             The file name to decrypt. Use '-' for stdin. (default "-")
       -k string
-            The file with RSA private key. If empty the key is read from environment variable ENCRYPT_KEY 
+            The file with RSA private key. If empty the key is read from environment variable ENCRYPT_KEY / ENCRYPT_KEY_BASE64
       -o string
             The file to write the result to. Use '-' for stdout. (default "-")
     

main.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"encoding/base64"
 	"flag"
 	"fmt"
 	"io"
@@ -11,13 +12,14 @@ import (
 )
 
 const (
-	defaultEnvEncryptKey = "ENCRYPT_KEY"
+	defaultEnvEncryptKey       = "ENCRYPT_KEY"
+	defaultEnvEncryptKeyBase64 = "ENCRYPT_KEY_BASE64"
 )
 
 var (
 	inputFile  = flag.String("f", "-", `The file name to decrypt. Use '-' for stdin.`)
 	outputFile = flag.String("o", "-", `The file to write the result to. Use '-' for stdout.`)
-	keyFile    = flag.String("k", "", fmt.Sprintf("The file with RSA private key. If empty the key is read from environment variable %s ", defaultEnvEncryptKey))
+	keyFile    = flag.String("k", "", fmt.Sprintf("The file with RSA private key. If empty the key is read from environment variable %s / %s", defaultEnvEncryptKey, defaultEnvEncryptKeyBase64))
 )
 
 func main() {
@@ -33,12 +35,15 @@ func main() {
 		if err != nil {
 			exitOnError("key file reading error: %v", err)
 		}
-	} else {
-		value := os.Getenv(defaultEnvEncryptKey)
-		if value == "" {
-			exitOnError("missing private key error, provide key in the env variable %s or use -k flag", defaultEnvEncryptKey)
-		}
+	} else if value := os.Getenv(defaultEnvEncryptKey); value != "" {
 		key = []byte(value)
+	} else if value = os.Getenv(defaultEnvEncryptKeyBase64); value != "" {
+		key, err = base64.StdEncoding.DecodeString(value)
+		if err != nil {
+			exitOnError("key file reading error: %v", err)
+		}
+	} else {
+		exitOnError("missing private key error, provide key in the env variable %s / %s or use -k flag", defaultEnvEncryptKey, defaultEnvEncryptKeyBase64)
 	}
 
 	var input io.Reader