From a6015f251ac04395fb220fec119e751673bc70b3 Mon Sep 17 00:00:00 2001 From: Claude Date: Tue, 18 Nov 2025 22:52:02 +0000 Subject: [PATCH 1/2] Add --key-from-stdin option to decrypt command Implement the --key-from-stdin flag for the decrypt command, matching the functionality of the Go EJSON CLI. This allows users to provide the private key via stdin instead of reading it from the keydir. This is particularly useful for: - CI/CD pipelines where keys are stored in environment variables - Security scenarios where keys shouldn't be written to disk - Scripting scenarios where keys are piped from other commands Changes: - Add --key-from-stdin flag parsing in decryptCommand - Read private key from stdin when flag is present - Update help text and usage examples - Maintain backward compatibility with keydir-based key loading Example usage: echo "private_key" | ejson decrypt --key-from-stdin secrets.ejson --- Sources/ejson/main.swift | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/Sources/ejson/main.swift b/Sources/ejson/main.swift index a8cca75..9eacda2 100644 --- a/Sources/ejson/main.swift +++ b/Sources/ejson/main.swift @@ -148,6 +148,7 @@ func encryptCommand(args: [String]) { func decryptCommand(args: [String]) { var keyDir = getKeyDir() var file: String? + var keyFromStdin = false var i = 0 // Parse options @@ -160,6 +161,9 @@ func decryptCommand(args: [String]) { } keyDir = args[i] i += 1 + } else if arg == "--key-from-stdin" { + keyFromStdin = true + i += 1 } else if file == nil { file = arg i += 1 @@ -179,7 +183,17 @@ func decryptCommand(args: [String]) { let publicKey = try ejson.extractPublicKey(from: filePath) // Load private key - let privateKey = try loadPrivateKey(publicKey: publicKey, keyDir: keyDir) + let privateKey: String + if keyFromStdin { + // Read private key from stdin + guard let stdinData = try? FileHandle.standardInput.readToEnd(), + let stdinString = String(data: stdinData, encoding: .utf8) else { + exitWithError("Failed to read private key from stdin") + } + privateKey = stdinString.trimmingCharacters(in: .whitespacesAndNewlines) + } else { + privateKey = try loadPrivateKey(publicKey: publicKey, keyDir: keyDir) + } // Decrypt the file let decrypted = try ejson.decryptFile(at: filePath, privateKey: privateKey) @@ -211,12 +225,16 @@ func printUsage() { Keygen Options: -w Write private key to keydir and print only public key + Decrypt Options: + --key-from-stdin Read private key from stdin instead of keydir + Examples: ejson keygen ejson keygen -w ejson encrypt secrets.ejson ejson decrypt secrets.ejson ejson -keydir ~/.ejson/keys decrypt secrets.ejson + echo "your_private_key" | ejson decrypt --key-from-stdin secrets.ejson """) } From cdfe5cefa2bb2a5cb5d43a5fe9329d8da44844af Mon Sep 17 00:00:00 2001 From: Claude Date: Tue, 18 Nov 2025 22:58:43 +0000 Subject: [PATCH 2/2] Update macOS platform requirement to 11.0 Bump minimum macOS version from 10.15 to 11.0 (Big Sur) to fix test compatibility issues. --- Package.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Package.swift b/Package.swift index 716de82..8347ac5 100644 --- a/Package.swift +++ b/Package.swift @@ -6,7 +6,7 @@ import PackageDescription let package = Package( name: "swift-ejson", platforms: [ - .macOS(.v10_15), + .macOS(.v11), .iOS(.v13), .tvOS(.v13), .watchOS(.v6)