2023-03-15 12:00:52 -04:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
2023-08-10 21:14:03 -04:00
|
|
|
// SPDX-License-Identifier: BUSL-1.1
|
2023-03-15 12:00:52 -04:00
|
|
|
|
2015-03-04 11:56:10 -05:00
|
|
|
package command
|
|
|
|
|
|
|
|
|
|
import (
|
2015-03-31 02:39:56 -04:00
|
|
|
"fmt"
|
2015-03-04 11:56:10 -05:00
|
|
|
"strings"
|
2016-04-01 13:16:05 -04:00
|
|
|
|
2023-12-04 14:05:02 -05:00
|
|
|
"github.com/hashicorp/cli"
|
2017-09-05 00:04:19 -04:00
|
|
|
"github.com/posener/complete"
|
2015-03-04 11:56:10 -05:00
|
|
|
)
|
|
|
|
|
|
2021-04-08 12:43:39 -04:00
|
|
|
var (
|
|
|
|
|
_ cli.Command = (*OperatorSealCommand)(nil)
|
|
|
|
|
_ cli.CommandAutocomplete = (*OperatorSealCommand)(nil)
|
|
|
|
|
)
|
2017-09-05 00:04:19 -04:00
|
|
|
|
2017-09-07 22:03:12 -04:00
|
|
|
type OperatorSealCommand struct {
|
2017-09-05 00:04:19 -04:00
|
|
|
*BaseCommand
|
2015-03-04 11:56:10 -05:00
|
|
|
}
|
|
|
|
|
|
2017-09-07 22:03:12 -04:00
|
|
|
func (c *OperatorSealCommand) Synopsis() string {
|
2017-03-25 13:51:12 -04:00
|
|
|
return "Seals the Vault server"
|
2015-03-04 11:56:10 -05:00
|
|
|
}
|
|
|
|
|
|
2017-09-07 22:03:12 -04:00
|
|
|
func (c *OperatorSealCommand) Help() string {
|
2015-03-04 11:56:10 -05:00
|
|
|
helpText := `
|
2018-06-07 00:11:21 -04:00
|
|
|
Usage: vault operator seal [options]
|
2015-03-04 11:56:10 -05:00
|
|
|
|
2017-09-05 00:04:19 -04:00
|
|
|
Seals the Vault server. Sealing tells the Vault server to stop responding
|
|
|
|
|
to any operations until it is unsealed. When sealed, the Vault server
|
2021-12-06 20:12:20 -05:00
|
|
|
discards its in-memory root key to unlock the data, so it is physically
|
2017-09-05 00:04:19 -04:00
|
|
|
blocked from responding to operations unsealed.
|
|
|
|
|
|
|
|
|
|
If an unseal is in progress, sealing the Vault will reset the unsealing
|
2021-12-06 20:12:20 -05:00
|
|
|
process. Users will have to re-enter their portions of the root key again.
|
2015-03-04 11:56:10 -05:00
|
|
|
|
2017-09-05 00:04:19 -04:00
|
|
|
This command does nothing if the Vault server is already sealed.
|
2015-03-04 11:56:10 -05:00
|
|
|
|
2017-09-05 00:04:19 -04:00
|
|
|
Seal the Vault server:
|
2015-03-04 11:56:10 -05:00
|
|
|
|
2017-09-07 22:03:12 -04:00
|
|
|
$ vault operator seal
|
2017-09-05 00:04:19 -04:00
|
|
|
|
|
|
|
|
` + c.Flags().Help()
|
2015-03-04 11:56:10 -05:00
|
|
|
|
|
|
|
|
return strings.TrimSpace(helpText)
|
|
|
|
|
}
|
2017-09-05 00:04:19 -04:00
|
|
|
|
2017-09-07 22:03:12 -04:00
|
|
|
func (c *OperatorSealCommand) Flags() *FlagSets {
|
2017-09-05 00:04:19 -04:00
|
|
|
return c.flagSet(FlagSetHTTP)
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-07 22:03:12 -04:00
|
|
|
func (c *OperatorSealCommand) AutocompleteArgs() complete.Predictor {
|
2017-09-05 00:04:19 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-07 22:03:12 -04:00
|
|
|
func (c *OperatorSealCommand) AutocompleteFlags() complete.Flags {
|
2017-09-05 00:04:19 -04:00
|
|
|
return c.Flags().Completions()
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-07 22:03:12 -04:00
|
|
|
func (c *OperatorSealCommand) Run(args []string) int {
|
2017-09-05 00:04:19 -04:00
|
|
|
f := c.Flags()
|
|
|
|
|
|
|
|
|
|
if err := f.Parse(args); err != nil {
|
|
|
|
|
c.UI.Error(err.Error())
|
|
|
|
|
return 1
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
args = f.Args()
|
|
|
|
|
if len(args) > 0 {
|
|
|
|
|
c.UI.Error(fmt.Sprintf("Too many arguments (expected 0, got %d)", len(args)))
|
|
|
|
|
return 1
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
client, err := c.Client()
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.UI.Error(err.Error())
|
|
|
|
|
return 2
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := client.Sys().Seal(); err != nil {
|
|
|
|
|
c.UI.Error(fmt.Sprintf("Error sealing: %s", err))
|
|
|
|
|
return 2
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.UI.Output("Success! Vault is sealed.")
|
|
|
|
|
return 0
|
|
|
|
|
}
|
