TypeDialog/examples/08-encryption/quick-sops-demo.sh
Jesús Pérez aca491ba42
feat(encryption): integrate external encryption services with Nickel contracts
ADDED:
- encryption_bridge.rs: Service integration layer
- encryption_contract_parser.rs: Nickel contract parsing
- encryption_integration.rs: Integration tests (+442 lines)
- docs/ENCRYPTION-*.md: Quick start, setup, architecture
- examples/08-encryption: Usage examples
- scripts/encryption-test-setup.sh: Provisioning

MODIFIED:
- helpers.rs: +570 lines utility functions
- nickel/: Enhanced contract parsing & serialization
- form_parser.rs: Constraint interpolation improvements
- config/mod.rs: New configuration (+24 lines)
- typedialog/src/main.rs: CLI updates (+83 lines)
- Cargo.toml: encryption_bridge dependency
- Cargo.lock, SBOMs: Updated

AFFECTED BACKENDS: cli, tui, web (core-level changes)
2025-12-22 10:40:01 +00:00


#!/usr/bin/env bash
#
# Quick SOPS + typedialog Demo
#
# Minimal script showing SOPS encryption workflow with typedialog
# No complex test framework - just shows the actual commands and results
#
# Usage:
# bash examples/08-encryption/quick-sops-demo.sh
#
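# Abort on the first unhandled command failure.
set -e
# Everything written below (Age private key, plaintext sample file) should be
# readable by the invoking user only.
umask 077
# Colors (ANSI escape sequences; rendered by the `echo -e` calls)
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
# Setup
# A fixed name under /tmp is predictable: on a shared host another local user
# can create that path first (or plant a symlink there) and would then control
# the directory the Age private key is written into. mktemp -d creates a fresh
# directory with an unpredictable suffix, so every run starts clean and a key
# left behind by an earlier run cannot collide with this one.
DEMO_DIR="$(mktemp -d "${TMPDIR:-/tmp}/sops-td-quick-demo.XXXXXX")"
# Repository root, resolved relative to this script (two levels up).
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE} SOPS + typedialog Quick Demo${NC}"
echo -e "${BLUE}========================================${NC}\n"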
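# Step 1: Verify tools
echo -e "${YELLOW}Step 1: Verify Tools${NC}"
echo " Checking: sops, age-keygen, typedialog..."
# Check presence explicitly. The version pipelines below end in sed, so their
# exit status is sed's: a missing binary would not stop the script and the
# "All tools available" line would still be printed. jq is included because
# the later typedialog steps parse their JSON output with it.
missing_tools=0
for tool in sops age-keygen typedialog jq; do
  if ! command -v "$tool" > /dev/null 2>&1; then
    echo -e "${RED} ✗ Required tool not found in PATH: ${tool}${NC}" >&2
    missing_tools=1
  fi
done
if [ "$missing_tools" -ne 0 ]; then
  exit 1
fi
sops --version | head -1 | sed 's/^/ /'
age-keygen --version 2>/dev/null | sed 's/^/ /' || echo " age-keygen: OK"
echo -e "${GREEN} ✓ All tools available\n${NC}"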
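# Step 2: Create demo directory
echo -e "${YELLOW}Step 2: Setup Demo Environment${NC}"
mkdir -p "$DEMO_DIR"
# This directory is about to hold an Age private key. Refuse a directory that
# is a symlink or belongs to someone else (mkdir -p silently accepts a
# pre-existing path), then restrict it to the current user.
if [ -L "$DEMO_DIR" ] || [ ! -O "$DEMO_DIR" ]; then
  echo -e "${RED} ✗ Refusing to use $DEMO_DIR: symlink or not owned by the current user${NC}" >&2
  exit 1
fi
chmod 700 "$DEMO_DIR"
cd "$DEMO_DIR"
echo " Demo directory: $DEMO_DIR"
# Generate Age key
echo " Generating Age key..."
AGE_KEY_FILE="$DEMO_DIR/key.txt"
# age-keygen will not overwrite an existing output file, so a key left over
# from a previous run would make this step fail. With its output discarded
# that failure used to be silent; remove the stale key and report errors.
rm -f -- "$AGE_KEY_FILE"
if ! age-keygen -o "$AGE_KEY_FILE" > /dev/null 2>&1; then
  echo -e "${RED} ✗ age-keygen could not write $AGE_KEY_FILE${NC}" >&2
  exit 1
fi
# The key file carries the recipient in a "# public key: ..." comment line.
AGE_PUBLIC_KEY=$(grep "^# public key:" "$AGE_KEY_FILE" | sed 's/# public key: //')
if [ -z "$AGE_PUBLIC_KEY" ]; then
  # Without a recipient the creation rule below would be written with an
  # empty `age:` value.
  echo -e "${RED} ✗ No public key found in $AGE_KEY_FILE${NC}" >&2
  exit 1
fi
echo " Age key: $(basename -- "$AGE_KEY_FILE")"
# Create .sops.yaml
# `age` has to be nested inside the rule entry: written flush left it becomes
# a separate top-level key and the rule itself carries no recipient.
cat > ".sops.yaml" << EOF
creation_rules:
  - path_regex: .*
    age: $AGE_PUBLIC_KEY
EOF
echo " .sops.yaml created"
echo -e "${GREEN} ✓ Environment ready\n${NC}"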
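# Step 3: Test SOPS directly
echo -e "${YELLOW}Step 3: Test SOPS Encryption${NC}"
echo " Creating plaintext YAML file..."
# Demo-only value: it is written to disk in the clear and echoed to the
# terminal on purpose. Do not substitute a real credential here.
cat > "test-secret.yaml" << 'EOF'
secret: my-super-secret-password-123
EOF
sed 's/^/ /' "test-secret.yaml"
echo -e "\n Encrypting with SOPS..."
# Points sops at the Age identity used for decryption further down.
export SOPS_AGE_KEY_FILE="$AGE_KEY_FILE"
# Output is discarded, so report the failure here; otherwise `set -e` ends the
# script without any message.
if ! sops -e -i "test-secret.yaml" > /dev/null 2>&1; then
  echo -e "${RED} ✗ sops -e failed; test-secret.yaml may still be plaintext${NC}" >&2
  exit 1
fi
# A zero exit status alone does not show that the value was encrypted: confirm
# the cleartext is gone from the file before announcing success.
if grep -q -F "my-super-secret-password-123" "test-secret.yaml"; then
  echo -e "${RED} ✗ Plaintext value still present in test-secret.yaml after encryption${NC}" >&2
  exit 1
fi
echo " Encrypted!"
echo -e "\n Encrypted content (first 80 chars):"
head -c 80 "test-secret.yaml" | sed 's/^/ /'
echo -e "\n"
echo " Decrypting to verify..."
# Round trip: decrypt and compare against the value written above.
PLAINTEXT=$(sops -d "test-secret.yaml" 2>/dev/null | grep "secret:" | sed 's/secret: //')
if [ "$PLAINTEXT" = "my-super-secret-password-123" ]; then
  echo " Decrypted: $PLAINTEXT"
  echo -e "${GREEN} ✓ SOPS encryption/decryption works\n${NC}"
else
  echo -e "${RED} ✗ Decryption failed\n${NC}"
  echo " Got: $PLAINTEXT"
fi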
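# Step 4: Test typedialog redaction (no encryption needed)
echo -e "${YELLOW}Step 4: Test typedialog Redaction${NC}"
echo " Running: typedialog form simple-login.toml --redact"
# Extract JSON from output (skip informational lines).
# `|| true`: when no JSON line is produced grep exits 1, and under `set -e`
# the assignment would end the script silently before the checks below could
# report anything. Step 6 already guards its pipeline the same way.
OUTPUT=$(printf 'alice\nsecretpass\n' | \
  typedialog form "$PROJECT_ROOT/examples/08-encryption/simple-login.toml" \
  --redact --format json 2>/dev/null | grep -A 100 "^{" || true)
echo " Output:"
echo "$OUTPUT" | jq '.' 2>/dev/null | sed 's/^/ /'
if [[ "$OUTPUT" == *secretpass* ]]; then
  # Redaction is only meaningful if the typed value is absent from the whole
  # output, not just replaced in one field.
  echo -e "${RED} ✗ Typed password appears in the redacted output\n${NC}"
elif echo "$OUTPUT" | jq -e '.password == "[REDACTED]"' > /dev/null 2>&1; then
  echo -e "${GREEN} ✓ Redaction works\n${NC}"
else
  echo -e "${YELLOW} ⚠ Redaction output: $(echo "$OUTPUT" | jq '.password' 2>/dev/null)\n${NC}"
fi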
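# Step 5: Test typedialog with Age backend
echo -e "${YELLOW}Step 5: Test typedialog with Age Backend${NC}"
echo " Running: typedialog form simple-login.toml --encrypt --backend age"
# `|| true`: when no JSON line is produced grep exits 1, and under `set -e`
# the assignment would end the script silently before the checks below could
# report anything. Step 6 already guards its pipeline the same way.
OUTPUT=$(printf 'alice\nsecretpass\n' | \
  typedialog form "$PROJECT_ROOT/examples/08-encryption/simple-login.toml" \
  --encrypt --backend age --key-file "$AGE_KEY_FILE" \
  --format json 2>/dev/null | grep -A 100 "^{" || true)
echo " Encrypted output:"
PASSWORD_CT=$(echo "$OUTPUT" | jq -r '.password' 2>/dev/null)
USERNAME=$(echo "$OUTPUT" | jq -r '.username' 2>/dev/null)
echo " username: $USERNAME"
# Only a prefix is shown; the full value may be long.
echo " password: ${PASSWORD_CT:0:50}..."
if [[ "$OUTPUT" == *secretpass* ]]; then
  # A marker match alone does not prove encryption: the typed value must not
  # survive anywhere in the output.
  echo -e "${RED} ✗ Typed password appears in clear in the output\n${NC}"
# NOTE(review): "age1" is the prefix of an age recipient (public key); confirm
# that typedialog's encrypted field format really contains it, otherwise this
# test passes or fails for the wrong reason.
elif echo "$PASSWORD_CT" | grep -q "age1"; then
  echo -e "${GREEN} ✓ Age encryption works\n${NC}"
else
  echo -e "${YELLOW} ⚠ Output: $PASSWORD_CT\n${NC}"
fi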
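# Step 6: Test typedialog with SOPS backend
echo -e "${YELLOW}Step 6: Test typedialog with SOPS Backend${NC}"
echo " Running: typedialog form simple-login.toml --encrypt --backend sops"
echo " (Using .sops.yaml with Age backend)"
# `|| true` keeps `set -e` from ending the script when grep finds no JSON, so
# the fallback branch at the bottom can show what was produced.
OUTPUT=$(printf 'alice\nsecretpass\n' | \
  typedialog form "$PROJECT_ROOT/examples/08-encryption/simple-login.toml" \
  --encrypt --backend sops \
  --format json 2>/dev/null | grep -A 100 "^{" || true)
echo " Encrypted output:"
PASSWORD_CT=$(echo "$OUTPUT" | jq -r '.password' 2>/dev/null)
USERNAME=$(echo "$OUTPUT" | jq -r '.username' 2>/dev/null)
if [[ "$OUTPUT" == *secretpass* ]]; then
  # Without this check a value passed through unencrypted would fall into the
  # "Password encrypted" branch below and be reported as protected.
  echo -e "${RED} ✗ Typed password appears in clear in the output\n${NC}"
elif [ -n "$PASSWORD_CT" ] && [ "$PASSWORD_CT" != "null" ]; then
  echo " username: $USERNAME"
  echo " password: ${PASSWORD_CT:0:50}..."
  if echo "$PASSWORD_CT" | grep -q "sops:v1:"; then
    echo -e "${GREEN} ✓ SOPS encryption works\n${NC}"
  else
    # A value is present but lacks the expected marker.
    echo -e "${YELLOW} ⚠ Password encrypted: ${PASSWORD_CT:0:30}...\n${NC}"
  fi
else
  # No usable password field: show the raw output for diagnosis.
  echo -e "${YELLOW} ⚠ SOPS test output:\n${NC}"
  echo "$OUTPUT" | sed 's/^/ /'
  echo ""
fi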
# Summary
# Closing banner, a listing of what the demo left on disk, and static
# follow-up hints. Nothing here depends on whether the earlier steps passed.
printf '%b\n' "${BLUE}========================================${NC}"
printf '%b\n' "${BLUE} Demo Complete!${NC}"
printf '%b\n' "${BLUE}========================================${NC}\n"
cat << EOF
Demo directory: $DEMO_DIR
Files created:
EOF
# One " - name" line per entry in the demo directory (dotfiles are not listed).
ls -1h "$DEMO_DIR" | sed 's/^/ - /'
printf '%b\n' "\n${YELLOW}Key Takeaways:${NC}"
cat << 'EOF'
 ✓ SOPS can encrypt/decrypt YAML files
 ✓ typedialog can use SOPS backend for field encryption
 ✓ Same form works with Age, SOPS, AWS KMS, etc.
 ✓ Redaction works without any encryption service
EOF
printf '%b\n' "\n${YELLOW}Next Steps:${NC}"
cat << 'EOF'
 1. Try with AWS KMS:
 - Create .sops.yaml with AWS KMS ARN
 - Set AWS credentials: export AWS_REGION=us-east-1
 - Run: typedialog form ... --encrypt --backend sops

 2. Review examples:
 - Multi-backend: examples/08-encryption/multi-backend-sops.toml
 - Nickel schema: examples/08-encryption/sops-example.ncl

 3. Read full guide:
 - examples/08-encryption/SOPS-DEMO.md
 - docs/ENCRYPTION-UNIFIED-ARCHITECTURE.md
EOF
printf '%b\n' "\n${YELLOW}Cleanup:${NC}"
# The demo directory still holds the Age private key; this only prints the
# removal command, it does not run it.
cat << EOF
 rm -rf $DEMO_DIR

EOF