mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 10:28:13 +00:00
Add --forgot-key to key:rotate command (#14495)
Destroys all encrypted data
This commit is contained in:
parent
0155f2fc3f
commit
4b97abe225
@ -39,6 +39,7 @@ class KeyRotate extends LnmsCommand
|
||||
parent::__construct();
|
||||
$this->addArgument('old_key', InputArgument::OPTIONAL);
|
||||
$this->addOption('generate-new-key');
|
||||
$this->addOption('forgot-key');
|
||||
}
|
||||
|
||||
/**
|
||||
@ -56,8 +57,13 @@ class KeyRotate extends LnmsCommand
|
||||
'exclude_unless:old_key,null',
|
||||
'boolean',
|
||||
],
|
||||
'forgot-key' => [
|
||||
'exclude_unless:old_key,null',
|
||||
'boolean',
|
||||
],
|
||||
'old_key' => [
|
||||
'exclude_if:generate-new-key,true',
|
||||
'exclude_if:forgot-key,true',
|
||||
'required',
|
||||
'starts_with:base64:',
|
||||
Rule::notIn([$new]),
|
||||
@ -72,6 +78,21 @@ class KeyRotate extends LnmsCommand
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ($this->option('forgot-key')) {
|
||||
$this->line(trans('commands.key:rotate.current_key', ['key' => $new]));
|
||||
$this->error(trans('commands.key:rotate.backup_key'));
|
||||
$this->newLine();
|
||||
|
||||
$this->error(trans('commands.key:rotate.destroy'));
|
||||
if ($this->confirm(trans('commands.key:rotate.destroy_confirm'))) {
|
||||
\App\Models\Config::where('config_name', 'validation.encryption.test')->delete();
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
$old = $this->argument('old_key');
|
||||
if ($this->option('generate-new-key')) {
|
||||
$old = $new; // use key in env as existing key
|
||||
|
@ -129,14 +129,22 @@ return [
|
||||
'arguments' => [
|
||||
'old_key' => 'The old APP_KEY which is valid for encrypted data',
|
||||
],
|
||||
'options' => [
|
||||
'generate-new-key' => 'If you do not have the new key set in .env, use the APP_KEY from .env to decrypt data and generate a new key and set it in .env',
|
||||
'forgot-key' => 'If you do not have the old key, you must delete all encrypted data to be able to continue to use certain LibreNMS features',
|
||||
],
|
||||
'destroy' => 'Destroy all encrypted configuration data?',
|
||||
'destroy_confirm' => 'Only destroy all encrypted data if you cannot find the old APP_KEY!',
|
||||
'cleared-cache' => 'Config was cached, cleared cache to make sure APP_KEY is correct. Please re-run lnms key:rotate',
|
||||
'backup_keys' => 'Document BOTH keys! In case something goes wrong set the new key in .env and use the old key as an argument to this command',
|
||||
'backup_key' => 'Document this key! This key is required to access encrypted data',
|
||||
'backups' => 'This command could cause irreversible loss of data and will invalidate all browser sessions. Make sure you have backups.',
|
||||
'confirm' => 'I have backups and want to continue',
|
||||
'decrypt-failed' => 'Failed to decrypt :item, skipping',
|
||||
'failed' => 'Failed to decrypt item(s). Set new key as APP_KEY and run this again with the old key as an argument.',
|
||||
'new_key' => 'New key: :key',
|
||||
'old_key' => 'Old key: :key',
|
||||
'current_key' => 'Current APP_KEY: :key',
|
||||
'new_key' => 'New APP_KEY: :key',
|
||||
'old_key' => 'Old APP_KEY: :key',
|
||||
'save_key' => 'Save new key to .env?',
|
||||
'success' => 'Successfully rotated keys!',
|
||||
'validation-errors' => [
|
||||
|
Loading…
Reference in New Issue
Block a user