From b62d0f187b471ae14028fa75b1cc1619827fe434 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Mon, 30 Mar 2015 23:39:56 -0700
Subject: [PATCH] command/seal

---
 command/seal.go      | 16 +++++++++++++++-
 command/seal_test.go | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 command/seal_test.go

diff --git a/command/seal.go b/command/seal.go
index 1ee7a10b4..b72b26b32 100644
--- a/command/seal.go
+++ b/command/seal.go
@@ -1,6 +1,7 @@
 package command
 
 import (
+	"fmt"
 	"strings"
 )
 
@@ -10,12 +11,25 @@ type SealCommand struct {
 }
 
 func (c *SealCommand) Run(args []string) int {
-	flags := c.Meta.FlagSet("unseal", FlagSetDefault)
+	flags := c.Meta.FlagSet("seal", FlagSetDefault)
 	flags.Usage = func() { c.Ui.Error(c.Help()) }
 	if err := flags.Parse(args); err != nil {
 		return 1
 	}
 
+	client, err := c.Client()
+	if err != nil {
+		c.Ui.Error(fmt.Sprintf(
+			"Error initializing client: %s", err))
+		return 2
+	}
+
+	if err := client.Sys().Seal(); err != nil {
+		c.Ui.Error(fmt.Sprintf("Error sealing: %s", err))
+		return 1
+	}
+
+	c.Ui.Output("Vault is now sealed.")
 	return 0
 }
 
diff --git a/command/seal_test.go b/command/seal_test.go
new file mode 100644
index 000000000..cbbd099c1
--- /dev/null
+++ b/command/seal_test.go
@@ -0,0 +1,35 @@
+package command
+
+import (
+	"testing"
+
+	"github.com/hashicorp/vault/http"
+	"github.com/hashicorp/vault/vault"
+	"github.com/mitchellh/cli"
+)
+
+func TestSeal(t *testing.T) {
+	core, _, _ := vault.TestCoreUnsealed(t)
+	ln, addr := http.TestServer(t, core)
+	defer ln.Close()
+
+	ui := new(cli.MockUi)
+	c := &SealCommand{
+		Meta: Meta{
+			Ui: ui,
+		},
+	}
+
+	args := []string{"-address", addr}
+	if code := c.Run(args); code != 0 {
+		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+	}
+
+	sealed, err := core.Sealed()
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if !sealed {
+		t.Fatal("should be sealed")
+	}
+}