open-vault/command/seal.go

package command
import (
"fmt"
"strings"
"github.com/hashicorp/vault/meta"
)
// SealCommand implements the "seal" CLI command, which asks the Vault server
// to seal itself. Its only field is the embedded meta.Meta, through which Run
// reaches the flag set, the UI and the API client.
type SealCommand struct {
	meta.Meta
}
// Run parses the command-line flags, builds an API client and sends the seal
// request to the server.
//
// Exit codes: 0 on success, 1 when flag parsing or the seal request fails,
// 2 when the API client cannot be constructed.
//
// NOTE(review): positional arguments left over after flag parsing are not
// inspected here, so stray arguments do not stop the seal request from being
// sent. Sealing takes the server out of service until it is unsealed, so
// callers may want to confirm this is intended.
func (c *SealCommand) Run(args []string) int {
	fs := c.Meta.FlagSet("seal", meta.FlagSetDefault)
	fs.Usage = func() { c.Ui.Error(c.Help()) }
	if parseErr := fs.Parse(args); parseErr != nil {
		// Nothing is printed here; Usage is wired to c.Help above.
		return 1
	}

	apiClient, err := c.Client()
	if err != nil {
		c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err))
		return 2
	}

	sealErr := apiClient.Sys().Seal()
	if sealErr != nil {
		c.Ui.Error(fmt.Sprintf("Error sealing: %s", sealErr))
		return 1
	}

	c.Ui.Output("Vault is now sealed.")
	return 0
}
// Synopsis returns the one-line description of the seal command.
func (c *SealCommand) Synopsis() string {
	const synopsis = "Seals the Vault server"
	return synopsis
}
// Help returns the long-form usage text for the seal command: the
// command-specific description followed by the general options text from
// meta.GeneralOptionsUsage, with surrounding whitespace trimmed.
//
// The text tells operators that a sealed vault discards its master key and
// that sealing resets any unseal that is in progress.
func (c *SealCommand) Help() string {
	const body = `
Usage: vault seal [options]
Seal the vault.
Sealing a vault tells the Vault server to stop responding to any
access operations until it is unsealed again. A sealed vault throws away
its master key to unlock the data, so it is physically blocked from
responding to operations again until the vault is unsealed with
the "unseal" command or via the API.
This command is idempotent, if the vault is already sealed it does nothing.
If an unseal has started, sealing the vault will reset the unsealing
process. You'll have to re-enter every portion of the master key again.
This is the same as running "vault unseal -reset".
General Options:
`
	return strings.TrimSpace(body + meta.GeneralOptionsUsage())
}