fix: encrypt certificate private key, read more than first line on en…

…crypt command (#43)

commands/secrets/create.go

@@ -28,7 +28,7 @@ func NewCreateCmd(printer *utils.Printer) *cobra.Command {
 		Use:     "create",
 		Aliases: []string{"new"},
 		Short:   "Create a new secret",
-		Long: `Create a new secret in your Qernal project. 
+		Long: `Create a new secret in your Qernal project.
 This command supports creating registry, environment, and certificate secrets.
 The secret value is read from stdin, allowing for secure input methods.`,
 		Example: ` # Create a registry secret
@@ -111,8 +111,8 @@ The secret value is read from stdin, allowing for secure input methods.`,
 				encryptedValue, err := client.EncryptLocalSecret(dek.Payload.SecretMetaResponseDek.Public, plaintext)
 				if err != nil {
 					return charm.RenderError("unable to  encrypt input", err)
-
 				}
+
 				encryptionRef := fmt.Sprintf(`keys/dek/%d`, dek.Revision)
 				_, _, err = qc.SecretsAPI.ProjectsSecretsCreate(ctx, projectID).SecretBody(openapi_chaos_client.SecretBody{
 					Name:       strings.ToUpper(secretName),
@@ -143,6 +143,12 @@ The secret value is read from stdin, allowing for secure input methods.`,
 					return charm.RenderError("Unable to read private key file", err)
 				}
 
+				// encrypt private key
+				privateKeyEncrypted, err := client.EncryptLocalSecret(dek.Payload.SecretMetaResponseDek.Public, strings.TrimSpace(string(privateKeyContent)))
+				if err != nil {
+					return charm.RenderError("unable to private key", err)
+				}
+
 				encryptionRef := fmt.Sprintf(`keys/dek/%d`, dek.Revision)
 				_, _, err = qc.SecretsAPI.ProjectsSecretsCreate(ctx, projectID).SecretBody(openapi_chaos_client.SecretBody{
 					Name:       strings.ToUpper(secretName),
@@ -151,7 +157,7 @@ The secret value is read from stdin, allowing for secure input methods.`,
 					Payload: openapi_chaos_client.SecretCreatePayload{
 						SecretCertificate: &openapi_chaos_client.SecretCertificate{
 							Certificate:      strings.TrimSpace(string(publicKeyContent)),
-							CertificateValue: strings.TrimSpace(string(privateKeyContent)),
+							CertificateValue: privateKeyEncrypted,
 						},
 					},
 				}).Execute()

commands/secrets/encrypt.go

@@ -3,6 +3,7 @@ package secrets
 import (
 	"bufio"
 	"context"
+	"io"
 	"strings"
 
 	"github.com/qernal/cli-qernal/charm"
@@ -29,10 +30,24 @@ func NewEncryptCmd(printer *utils.Printer) *cobra.Command {
 
 			// Read from stdin
 			reader := bufio.NewReader(cmd.InOrStdin())
-			plaintext, err := reader.ReadString('\n')
-			if err != nil {
-				return charm.RenderError("Error reading input from stdin:", err)
+			var sb strings.Builder
+			for {
+				line, err := reader.ReadString('\n')
+				if err != nil {
+					if err == bufio.ErrBufferFull {
+						sb.WriteString(line)
+						continue
+					} else if err == io.EOF {
+						sb.WriteString(line)
+						break
+					} else {
+						return charm.RenderError("Error reading input from stdin:", err)
+					}
+				}
+				sb.WriteString(line)
 			}
+			plaintext := sb.String()
+
 			// Remove trailing newline from input
 			plaintext = strings.TrimSpace(plaintext)
 			ctx := context.Background()

commands/secrets/encrypt_test.go

@@ -3,6 +3,8 @@ package secrets
 import (
 	"bytes"
 	"encoding/json"
+	"os"
+	"strings"
 	"testing"
 
 	"github.com/qernal/cli-qernal/pkg/helpers"
@@ -58,3 +60,59 @@ func TestEncryptCmd(t *testing.T) {
 		helpers.DeleteOrg(orgID)
 	})
 }
+
+func TestEncryptCmdWithFile(t *testing.T) {
+	filePath := "/tmp/" + utils.GenerateRandomString(6) + ".txt"
+	randomStrings := make([]string, 10)
+	for i := range randomStrings {
+		randomStrings[i] = utils.GenerateRandomString(60)
+	}
+	fileContent := []byte(strings.Join(randomStrings, "\n"))
+
+	err := os.WriteFile(filePath, fileContent, 0644)
+	require.NoError(t, err)
+
+	outputPrinter := utils.NewPrinter()
+
+	orgID, _, err := helpers.CreateOrg()
+	if err != nil {
+		t.Fatalf("failed to create organization: %v", err)
+	}
+	projectID, _, err := helpers.CreateProj(orgID)
+	if err != nil {
+		t.Fatalf("failed to create project: %v", err)
+	}
+
+	commandArgs := []string{"--project", projectID, "--output", "json"}
+
+	// Set stdout to controlled buffer
+	var outputBuffer bytes.Buffer
+	outputPrinter.SetOut(&outputBuffer)
+
+	var encryptionOutput struct {
+		RevisionID     int32  `json:"revision_id"`
+		EncryptedValue string `json:"encrypted_value"`
+	}
+
+	inputBuffer, err := os.ReadFile(filePath)
+	require.NoError(t, err)
+
+	encryptCmd := NewEncryptCmd(outputPrinter)
+	encryptCmd.SetArgs(commandArgs)
+	encryptCmd.SetIn(bytes.NewReader(inputBuffer))
+
+	err = encryptCmd.Execute()
+	require.NoError(t, err)
+
+	err = json.Unmarshal(outputBuffer.Bytes(), &encryptionOutput)
+	require.NoError(t, err)
+
+	println(len(encryptionOutput.EncryptedValue))
+
+	assert.Greater(t, len(encryptionOutput.EncryptedValue), 200)
+
+	t.Cleanup(func() {
+		helpers.DeleteOrg(orgID)
+		os.Remove(filePath)
+	})
+}

pkg/helpers/helpers.go

@@ -248,6 +248,7 @@ func GetDefaultHost(projid string) (string, error) {
 	return "", errors.New("no default host on project")
 }
 
+// specific to the secret type
 func RandomSecretName() string {
 	const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
 	b := make([]byte, 8)

pkg/utils/utils.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"io"
 	"log/slog"
+	math_rand "math/rand"
 	"os"
 	"strings"
 
@@ -145,3 +146,13 @@ func (p *Printer) PrintResource(data string) {
 	}
 	fmt.Fprintln(out, data)
 }
+
+// generate random strings of a given length, for testing
+func GenerateRandomString(length int) string {
+	const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+	b := make([]byte, length)
+	for i := range b {
+		b[i] = charset[math_rand.Intn(len(charset))]
+	}
+	return string(b)
+}