command/seal

command/seal.go

@@ -1,6 +1,7 @@
 package command
 
 import (
+	"fmt"
 	"strings"
 )
 
@@ -10,12 +11,25 @@ type SealCommand struct {
 }
 
 func (c *SealCommand) Run(args []string) int {
-	flags := c.Meta.FlagSet("unseal", FlagSetDefault)
+	flags := c.Meta.FlagSet("seal", FlagSetDefault)
 	flags.Usage = func() { c.Ui.Error(c.Help()) }
 	if err := flags.Parse(args); err != nil {
 		return 1
 	}
 
+	client, err := c.Client()
+	if err != nil {
+		c.Ui.Error(fmt.Sprintf(
+			"Error initializing client: %s", err))
+		return 2
+	}
+
+	if err := client.Sys().Seal(); err != nil {
+		c.Ui.Error(fmt.Sprintf("Error sealing: %s", err))
+		return 1
+	}
+
+	c.Ui.Output("Vault is now sealed.")
 	return 0
 }
 

command/seal_test.go

@@ -0,0 +1,35 @@
+package command
+
+import (
+	"testing"
+
+	"github.com/hashicorp/vault/http"
+	"github.com/hashicorp/vault/vault"
+	"github.com/mitchellh/cli"
+)
+
+func TestSeal(t *testing.T) {
+	core, _, _ := vault.TestCoreUnsealed(t)
+	ln, addr := http.TestServer(t, core)
+	defer ln.Close()
+
+	ui := new(cli.MockUi)
+	c := &SealCommand{
+		Meta: Meta{
+			Ui: ui,
+		},
+	}
+
+	args := []string{"-address", addr}
+	if code := c.Run(args); code != 0 {
+		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+	}
+
+	sealed, err := core.Sealed()
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if !sealed {
+		t.Fatal("should be sealed")
+	}
+}