From 8a47353a75b043e0a0afea0038d527e60ee7f41e Mon Sep 17 00:00:00 2001
From: Michal Budzyn
Date: Tue, 14 Sep 2021 09:36:35 +0200
Subject: [PATCH] Use ENCRYPT_KEY_BASE64 as alternative to ENCRYPT_KEY
---
 Dockerfile | 4 ++--
 Dockerfile.build | 2 +-
 Makefile | 2 +-
 README.md | 8 ++++----
 main.go | 19 ++++++++++++-------
 5 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 057cb10..c8fe288 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.14 as builder
+FROM golang:1.17 as builder
 ARG MAKE_TARGET="test build"
@@ -6,6 +6,6 @@ WORKDIR "/code"
 ADD . "/code"
 RUN make BINARY=spring-config-decryptor ${MAKE_TARGET}
-FROM alpine:3.12
+FROM scratch
 COPY --from=builder /code/spring-config-decryptor /spring-config-decryptor
 ENTRYPOINT ["/spring-config-decryptor"]
diff --git a/Dockerfile.build b/Dockerfile.build
index 7265c65..2619e5b 100644
--- a/Dockerfile.build
+++ b/Dockerfile.build
@@ -1,4 +1,4 @@
-FROM golang:1.14 as builder
+FROM golang:1.17 as builder
 ARG GOOS=linux
 ARG GOARCH=amd64
diff --git a/Makefile b/Makefile
index e838ee0..402979d 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@
 .PHONY: clean build fmt test
-TAG ?= "v0.0.3"
+TAG ?= "v0.0.4"
 BUILD_FLAGS ?=
 BINARY ?= spring-config-decryptor
diff --git a/README.md b/README.md
index 2b8a96c..4bf4a91 100644
--- a/README.md
+++ b/README.md
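Review bot: In the Dockerfile's final stage (the second Dockerfile hunk), the switch to `FROM scratch` leaves the container running as UID 0 because no `USER` instruction follows; for a tool that holds an RSA private key in memory, adding `USER 65532:65532` after the `COPY` line would drop root (a numeric ID is needed, since scratch has no /etc/passwd). Key, input and output files mounted into the container then have to be readable or writable by that ID. scratch also ships no libc, so the binary must be statically linked; the build flags live in the Makefile outside this hunk, so it is worth confirming that the build sets `CGO_ENABLED=0` or otherwise produces a static binary.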
@@ -15,15 +15,15 @@ The secret values are base64 encoded and start with `{cipher}` prefix.
 Linux
- curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.2/spring-config-decryptor-v0.0.2-linux-amd64.tar.gz | tar xz
+ curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-linux-amd64.tar.gz | tar xz
 macOS
- curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.2/spring-config-decryptor-v0.0.2-darwin-amd64.tar.gz | tar xz
+ curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-darwin-amd64.tar.gz | tar xz
 windows
- curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.2/spring-config-decryptor-v0.0.2-windows-amd64.tar.gz | tar xz
+ curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-windows-amd64.tar.gz | tar xz
 2. Move the binary in to your PATH.
@@ -62,7 +62,7 @@ The secret values are base64 encoded and start with `{cipher}` prefix.
 -f string
 The file name to decrypt. Use '-' for stdin. (default "-")
 -k string
- The file with RSA private key. If empty the key is read from environment variable ENCRYPT_KEY
+ The file with RSA private key. If empty the key is read from environment variable ENCRYPT_KEY / ENCRYPT_KEY_BASE64
 -o string
 The file to write the result to. Use '-' for stdout. (default "-")
diff --git a/main.go b/main.go
index 08dcc3b..7021c21 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "encoding/base64"
 "flag"
 "fmt"
 "io"
@@ -11,13 +12,14 @@ import (
 )
 const (
- defaultEnvEncryptKey = "ENCRYPT_KEY"
+ defaultEnvEncryptKey = "ENCRYPT_KEY"
+ defaultEnvEncryptKeyBase64 = "ENCRYPT_KEY_BASE64"
 )
 var (
 inputFile = flag.String("f", "-", `The file name to decrypt. Use '-' for stdin.`)
 outputFile = flag.String("o", "-", `The file to write the result to. Use '-' for stdout.`)
- keyFile = flag.String("k", "", fmt.Sprintf("The file with RSA private key. If empty the key is read from environment variable %s ", defaultEnvEncryptKey))
+ keyFile = flag.String("k", "", fmt.Sprintf("The file with RSA private key. If empty the key is read from environment variable %s / %s", defaultEnvEncryptKey, defaultEnvEncryptKeyBase64))
 )
 func main() {
@@ -33,12 +35,15 @@ func main() {
 if err != nil {
 exitOnError("key file reading error: %v", err)
 }
- } else {
- value := os.Getenv(defaultEnvEncryptKey)
- if value == "" {
- exitOnError("missing private key error, provide key in the env variable %s or use -k flag", defaultEnvEncryptKey)
- }
+ } else if value := os.Getenv(defaultEnvEncryptKey); value != "" {
 key = []byte(value)
+ } else if value = os.Getenv(defaultEnvEncryptKeyBase64); value != "" {
+ key, err = base64.StdEncoding.DecodeString(value)
+ if err != nil {
+ exitOnError("key file reading error: %v", err)
+ }
+ } else {
+ exitOnError("missing private key error, provide key in the env variable %s / %s or use -k flag", defaultEnvEncryptKey, defaultEnvEncryptKeyBase64)
 }
 var input io.Reader
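Review bot: In the last main.go hunk, the new ENCRYPT_KEY_BASE64 branch reports a decode failure with the copied message "key file reading error", which points the operator at the -k file rather than at the variable; something like `exitOnError("%s base64 decoding error: %v", defaultEnvEncryptKeyBase64, err)` names the real source. Printing `err` there looks safe, since the standard library's base64 decode error carries only the offending byte offset and not the key material. The chain also lets ENCRYPT_KEY win silently when both variables are set, and neither the `-k` help text in the previous hunk nor the README line states that order; a comment above the chain such as `// Precedence: -k file, then ENCRYPT_KEY, then ENCRYPT_KEY_BASE64.` would record it. The body of main starts before this hunk and continues after it, so the declarations of `key` and `err` are not visible here.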