| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 |
- (in-package :cl-user)
- (defpackage chatikbot.secrets
- (:use :cl)
- (:export :*secret-ring*
- :*secret-pass-store*
- :*secret-pass-bin*
- :secret-get
- :secret-set
- :secret-del
- :secret-wipe
- :with-secret))
- (in-package :chatikbot.secrets)
- (defvar *secret-ring* nil "GPG keyring path")
- (defvar *secret-pass-store* nil "pass store dir")
- (defvar *secret-pass-bin* "pass" "pass util binary")
- (defun pass (cmd path &key input (output :string) error-output)
- (let ((input-stream (when input (make-string-input-stream input))))
- (unwind-protect
- (uiop:run-program
- (format nil "~@[GNUPGHOME=~A ~]~@[PASSWORD_STORE_DIR=~A ~]~A ~A~@[ ~{~A~^/~}~]"
- *secret-ring* *secret-pass-store* *secret-pass-bin*
- cmd path)
- :input input-stream :output output :error-output error-output)
- (when input-stream
- (close input-stream)))))
- (defun secret-get (path)
- (handler-case
- (let ((*read-eval* nil))
- (values (read-from-string (pass "show" path))))
- (error () (values))))
- (defun secret-set (path value)
- (pass "insert --force --multiline" path
- :input (prin1-to-string value) :output nil :error-output :string))
- (defun secret-del (path)
- (pass "rm --force" path))
- (defun secret-wipe (data)
- (cond
- ((stringp data) (fill data #\Space))
- ((vectorp data) (fill data 0))
- ((consp data)
- (secret-wipe (car data))
- (secret-wipe (cdr data)))))
- (defmacro with-secret ((vars path) &body body)
- (alexandria:with-gensyms (secret)
- `(let ((,secret (ignore-errors (secret-get ,path))))
- (unwind-protect
- ,(if (listp vars)
- `(destructuring-bind ,vars ,secret ,@body)
- `(let ((,vars ,secret)) ,@body))
- (secret-wipe ,secret)))))
-
|
