extern/atuin
1
0
Fork 0
mirror of https://github.com/atuinsh/atuin.git synced 2025-06-26 12:51:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: provide additional clarity around key management (#2467)

Browse Source 
* feat: add help text for key management

There's been a number of help requests lately that seem to stem from a
misunderstanding around key management

All machines connected to sync must use the same encryption key. The key
is up to the user to manage, as if we had access to it then the
encryption wouldn't make sense.

In the future, we should verify that the key provided matches what has
been used to encrypt existing data.

* never generate a new key on login
This commit is contained in:
Ellie Huxtable 2024-12-05 00:52:38 +00:00 committed by GitHub
parent c5c5e9d84f
commit 5dcccad0c0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
crates/atuin/src/command/client/account/login.rs
View File

@ -6,7 +6,7 @@ use tokio::{fs::File, io::AsyncWriteExt};
use atuin_client::{ use atuin_client::{
api_client, api_client,
encryption::{decode_key, encode_key, load_key, new_key, Key}, encryption::{decode_key, encode_key, load_key, Key},
record::sqlite_store::SqliteStore, record::sqlite_store::SqliteStore,
record::store::Store, record::store::Store,
settings::Settings, settings::Settings,
@ -55,6 +55,12 @@ impl Cmd {
let key_path = settings.key_path.as_str(); let key_path = settings.key_path.as_str();
let key_path = PathBuf::from(key_path); let key_path = PathBuf::from(key_path);
println!("IMPORTANT");
println!("If you are already logged in on another machine, you must ensure that the key you use here is the same as the key you used there.");
println!("You can find your key by running 'atuin key' on the other machine");
println!("Do not share this key with anyone");
println!("\nRead more here: https://docs.atuin.sh/guide/sync/#login \n");
let key = or_user_input(&self.key, "encryption key [blank to use existing key file]"); let key = or_user_input(&self.key, "encryption key [blank to use existing key file]");
// if provided, the key may be EITHER base64, or a bip mnemonic // if provided, the key may be EITHER base64, or a bip mnemonic
@ -97,8 +103,7 @@ impl Cmd {
bail!("the key in existing key file was invalid"); bail!("the key in existing key file was invalid");
} }
} else { } else {
println!("No key file exists, creating a new"); panic!("No key provided. Please use 'atuin key' on your other machine, or recover your key from a backup.")
let _key = new_key(settings)?;
} }
} else if !key_path.exists() { } else if !key_path.exists() {
if decode_key(key.clone()).is_err() { if decode_key(key.clone()).is_err() {

3
crates/atuin/src/command/client/account/register.rs
View File

@ -51,5 +51,8 @@ pub async fn run(
let _key = atuin_client::encryption::load_key(settings)?; let _key = atuin_client::encryption::load_key(settings)?;
println!("Registration successful! Please make a note of your key (run 'atuin key') and keep it safe.");
println!("You will need it to log in on other devices, and we cannot help recover it if you lose it.");
Ok(()) Ok(())
} }