aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rwxr-xr-xlib/keyringer/actions/append2
-rwxr-xr-xlib/keyringer/actions/check2
-rwxr-xr-xlib/keyringer/actions/commands2
-rwxr-xr-xlib/keyringer/actions/commit2
-rwxr-xr-xlib/keyringer/actions/cp7
-rwxr-xr-xlib/keyringer/actions/decrypt2
-rwxr-xr-xlib/keyringer/actions/del2
-rwxr-xr-xlib/keyringer/actions/edit2
-rwxr-xr-xlib/keyringer/actions/encrypt2
-rwxr-xr-xlib/keyringer/actions/find2
-rwxr-xr-xlib/keyringer/actions/genkeys227
l---------[-rwxr-xr-x]lib/keyringer/actions/genpair223
-rwxr-xr-xlib/keyringer/actions/git2
-rwxr-xr-xlib/keyringer/actions/ls2
-rwxr-xr-xlib/keyringer/actions/mkdir2
-rwxr-xr-xlib/keyringer/actions/mv2
-rwxr-xr-xlib/keyringer/actions/options2
-rwxr-xr-xlib/keyringer/actions/preferences2
-rwxr-xr-xlib/keyringer/actions/recipients2
-rwxr-xr-xlib/keyringer/actions/recrypt2
-rwxr-xr-xlib/keyringer/actions/rmdir2
-rwxr-xr-xlib/keyringer/actions/shell2
-rwxr-xr-xlib/keyringer/actions/teardown2
-rwxr-xr-xlib/keyringer/actions/tree2
-rwxr-xr-xlib/keyringer/actions/usage2
-rwxr-xr-xlib/keyringer/actions/xclip2
-rw-r--r--lib/keyringer/completions/bash/keyringer12
-rw-r--r--lib/keyringer/completions/zsh/_keyringer12
-rwxr-xr-xlib/keyringer/functions2
29 files changed, 273 insertions, 256 deletions
diff --git a/lib/keyringer/actions/append b/lib/keyringer/actions/append
index fbb6c1c..df21e03 100755
--- a/lib/keyringer/actions/append
+++ b/lib/keyringer/actions/append
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Append information into encrypted files.
#
diff --git a/lib/keyringer/actions/check b/lib/keyringer/actions/check
index c80fa8f..a647e95 100755
--- a/lib/keyringer/actions/check
+++ b/lib/keyringer/actions/check
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Check a keyring.
#
diff --git a/lib/keyringer/actions/commands b/lib/keyringer/actions/commands
index cb49c02..4888317 100755
--- a/lib/keyringer/actions/commands
+++ b/lib/keyringer/actions/commands
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Show available commands
#
diff --git a/lib/keyringer/actions/commit b/lib/keyringer/actions/commit
index b124927..84ead14 100755
--- a/lib/keyringer/actions/commit
+++ b/lib/keyringer/actions/commit
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Git commit wrapper.
#
diff --git a/lib/keyringer/actions/cp b/lib/keyringer/actions/cp
index 0629b61..1f4ccee 100755
--- a/lib/keyringer/actions/cp
+++ b/lib/keyringer/actions/cp
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Copy secrets.
#
@@ -27,7 +27,10 @@ if ! echo "$ORIG" | grep -q '*' && [ ! -e "$KEYDIR/$RELATIVE_PATH/$ORIG" ]; then
exit 1
fi
-# Run move command
+# Ensure destination folder exists
+mkdir -p `dirname "$KEYDIR/$FILE"`
+
+# Run copy command
cd "$KEYDIR" && cp -a "./$RELATIVE_PATH/$ORIG" "./$FILE"
keyringer_exec git "$BASEDIR" add "keys/$FILE"
cd "$CWD"
diff --git a/lib/keyringer/actions/decrypt b/lib/keyringer/actions/decrypt
index b63b74e..c6510ee 100755
--- a/lib/keyringer/actions/decrypt
+++ b/lib/keyringer/actions/decrypt
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Decrypt files.
#
diff --git a/lib/keyringer/actions/del b/lib/keyringer/actions/del
index d160ac4..2abc414 100755
--- a/lib/keyringer/actions/del
+++ b/lib/keyringer/actions/del
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Remove files.
#
diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit
index c9f3f12..4338518 100755
--- a/lib/keyringer/actions/edit
+++ b/lib/keyringer/actions/edit
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Edit keys.
#
diff --git a/lib/keyringer/actions/encrypt b/lib/keyringer/actions/encrypt
index 7415267..3818fa3 100755
--- a/lib/keyringer/actions/encrypt
+++ b/lib/keyringer/actions/encrypt
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Encrypt files to multiple recipients.
#
diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find
index 9b18d66..dc9d6d1 100755
--- a/lib/keyringer/actions/find
+++ b/lib/keyringer/actions/find
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Find secrets.
#
diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys
new file mode 100755
index 0000000..f49d6d0
--- /dev/null
+++ b/lib/keyringer/actions/genkeys
@@ -0,0 +1,227 @@
+#!/usr/bin/env bash
+#
+# Generate keypairs.
+#
+# This script is just a wrapper to easily generate keys for
+# automated systems.
+#
+
+# Generate a keypair, ssh version
+function genkeys_ssh {
+ echo "Make sure that $KEYDIR is atop of an encrypted volume."
+ read -p "Hit ENTER to continue." prompt
+
+ # We're using empty passphrases
+ ssh-keygen -t rsa -b 4096 -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE"
+
+ # Encrypt the result
+ echo "Encrypting secret key into keyringer..."
+ cat "$TMPWORK/id_rsa" | keyringer_exec encrypt "$BASEDIR" "$FILE"
+ echo "Encrypting public key into keyringer..."
+ cat "$TMPWORK/id_rsa.pub" | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
+
+ if [ ! -z "$OUTFILE" ]; then
+ mkdir -p `dirname $OUTFILE`
+ printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE"
+ cat "$TMPWORK/id_rsa" > "$OUTFILE"
+ cat "$TMPWORK/id_rsa.pub" > "$OUTFILE.pub"
+ fi
+
+ echo "Done"
+}
+
+# Generate a keypair, gpg version
+function genkeys_gpg {
+ echo "Make sure that $KEYDIR is atop of an encrypted volume."
+
+ passphrase="no"
+ passphrase_confirm="confirm"
+
+ while [ "$passphrase" != "$passphrase_confirm" ]; do
+ read -s -p "Enter password for the private key: " passphrase
+ printf "\n"
+ read -s -p "Enter password again: " passphrase_confirm
+ printf "\n"
+
+ if [ "$passphrase" != "$passphrase_confirm" ]; then
+ echo "Password don't match."
+ fi
+ done
+
+ # TODO: insert random bytes
+ # TODO: custom Name-Comment and Name-Email
+ # TODO: allow for empty passphrases
+ $GPG --homedir "$TMPWORK" --gen-key --batch <<EOF
+ Key-Type: RSA
+ Key-Length: 4096
+ Subkey-Type: ELG-E
+ Subkey-Length: 4096
+ Name-Real: $NODE
+ Name-Email: root@$NODE
+ Expire-Date: 0
+ Passphrase: $passphrase
+ %commit
+EOF
+
+ # Encrypt the result
+ echo "Encrypting secret key into keyringer..."
+ $GPG --armor --homedir "$TMPWORK" --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE"
+ echo "Encrypting public key into keyringer..."
+ $GPG --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
+ echo "Encrypting passphrase into keyringer..."
+ echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd"
+
+ if [ ! -z "$OUTFILE" ]; then
+ mkdir -p `dirname $OUTFILE`
+ printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE"
+ $GPG --armor --homedir "$TMPWORK" --export-secret-keys > "$OUTFILE"
+ $GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub"
+ fi
+
+ echo "Done"
+}
+
+# Alias
+function genkeys_ssl {
+ genkeys_x509 $*
+}
+
+# Generate a keypair, ssl version
+function genkeys_x509 {
+ echo "Make sure that $KEYDIR is atop of an encrypted volume."
+ read -p "Hit ENTER to continue." prompt
+
+ # Check for wildcard certs
+ if [ "`echo $NODE | cut -d . -f 1`" == "*" ]; then
+ WILDCARD="yes"
+ CNAME="$NODE"
+ NODE="`echo $NODE | sed -e 's/^\*\.//'`"
+ else
+ CNAME="${NODE}"
+ fi
+
+ # Setup
+ cd "$TMPWORK"
+
+ # Generate certificate
+cat <<EOF >> openssl.conf
+[ req ]
+default_keyfile = ${NODE}_privatekey.pem
+distinguished_name = req_distinguished_name
+encrypt_key = no
+req_extensions = v3_req # Extensions to add to certificate request
+string_mask = nombstr
+
+[ req_distinguished_name ]
+commonName_default = ${CNAME}
+organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+emailAddress = Email Address
+localityName = Locality
+stateOrProvinceName = State
+countryName = Country Name
+commonName = Common Name
+
+[ v3_req ]
+extendedKeyUsage=serverAuth,clientAuth
+EOF
+
+ # Add SubjectAltNames so wildcard certs can work correctly.
+ if [ "$WILDCARD" == "yes" ]; then
+cat <<EOF >> openssl.conf
+subjectAltName=DNS:${NODE}, DNS:${CNAME}
+EOF
+ fi
+
+ echo "Please review your OpenSSL configuration:"
+ cat openssl.conf
+ read -p "Hit ENTER to continue." prompt
+
+ openssl req -batch -nodes -config openssl.conf -newkey rsa:4096 -sha256 \
+ -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem
+
+ openssl req -noout -text -in ${NODE}_csr.pem
+
+ # Self-sign
+ if [ "$KEYTYPE" == "ssl-self" ]; then
+ openssl x509 -in "${NODE}_csr.pem" -out "$NODE.crt" -req -signkey "${NODE}_privatekey.pem" -days 365
+ chmod 600 "${NODE}_privatekey.pem"
+ fi
+
+ # Encrypt the result
+ echo "Encrypting private key into keyringer..."
+ cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem"
+ echo "Encrypting certificate request into keyringer..."
+ cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr"
+
+ if [ "$KEYTYPE" == "ssl-self" ]; then
+ echo "Encrypting certificate into keyringer..."
+ cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt"
+ elif [ -f "$BASEDIR/keys/$FILE.crt.asc" ]; then
+ # Remove any existing crt
+ keyringer_exec del "$BASEDIR" "$FILE.crt"
+ fi
+
+ cd "$CWD"
+
+ if [ ! -z "$OUTFILE" ]; then
+ mkdir -p `dirname $OUTFILE`
+ printf "Saving copies at %s\n" "`dirname $OUTFILE`"
+ cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem"
+ cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr"
+
+ if [ -f "$TMPWORK/${NODE}.crt" ]; then
+ cat "$TMPWORK/${NODE}.crt" > "$OUTFILE.crt"
+ fi
+ fi
+
+ # Show cert fingerprint
+ if [ "$KEYTYPE" == "ssl-self" ]; then
+ openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint
+ fi
+
+ echo "Done"
+}
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# Aditional parameters
+KEYTYPE="$2"
+FILE="$RELATIVE_PATH/$3"
+NODE="$4"
+OUTFILE="$5"
+CWD="`pwd`"
+
+# Verify
+if [ -z "$NODE" ]; then
+ echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|x509|x509-self|ssl|ssl-self> <file> <hostname> [outfile]"
+ echo -e "Options:"
+ echo -e "\t gpg|ssh|x509[-self]|ssl|ssl[-self]: key type."
+ echo -e "\t file : base file name for encrypted output (relative to keys folder),"
+ echo -e "\t without spaces"
+ echo -e "\t hostname : host for the key pair"
+ echo -e "\t outfile : optional unencrypted output file, useful for deployment,"
+ echo -e "\t without spaces"
+ exit 1
+elif [ ! -e "$KEYDIR" ]; then
+ echo "Folder not found: $KEYDIR, leaving"
+ exit 1
+fi
+
+# Set a tmp file
+keyringer_set_tmpfile genpair -d
+
+# Dispatch
+echo "Generating $KEYTYPE key for $NODE..."
+if [ "$KEYTYPE" == "ssl-self" ] || [ "$KEYTYPE" == "x509-self" ]; then
+ genkeys_x509
+else
+ genkeys_"$KEYTYPE"
+fi
+
+# Cleanup
+cd "$CWD"
+rm -rf "$TMPWORK"
+trap - EXIT
diff --git a/lib/keyringer/actions/genpair b/lib/keyringer/actions/genpair
index 6fc6dcd..d936499 100755..120000
--- a/lib/keyringer/actions/genpair
+++ b/lib/keyringer/actions/genpair
@@ -1,222 +1 @@
-#!/bin/bash
-#
-# Generate keypairs.
-#
-# This script is just a wrapper to easily generate keys for
-# automated systems.
-#
-
-# Generate a keypair, ssh version
-function genpair_ssh {
- echo "Make sure that $KEYDIR is atop of an encrypted volume."
- read -p "Hit ENTER to continue." prompt
-
- # We're using empty passphrases
- ssh-keygen -t rsa -b 4096 -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE"
-
- # Encrypt the result
- echo "Encrypting secret key into keyringer..."
- cat "$TMPWORK/id_rsa" | keyringer_exec encrypt "$BASEDIR" "$FILE"
- echo "Encrypting public key into keyringer..."
- cat "$TMPWORK/id_rsa.pub" | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
-
- if [ ! -z "$OUTFILE" ]; then
- mkdir -p `dirname $OUTFILE`
- printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE"
- cat "$TMPWORK/id_rsa" > "$OUTFILE"
- cat "$TMPWORK/id_rsa.pub" > "$OUTFILE.pub"
- fi
-
- echo "Done"
-}
-
-# Generate a keypair, gpg version
-function genpair_gpg {
- echo "Make sure that $KEYDIR is atop of an encrypted volume."
-
- passphrase="no"
- passphrase_confirm="confirm"
-
- while [ "$passphrase" != "$passphrase_confirm" ]; do
- read -s -p "Enter password for the private key: " passphrase
- printf "\n"
- read -s -p "Enter password again: " passphrase_confirm
- printf "\n"
-
- if [ "$passphrase" != "$passphrase_confirm" ]; then
- echo "Password don't match."
- fi
- done
-
- # TODO: insert random bytes
- # TODO: custom Name-Comment and Name-Email
- # TODO: allow for empty passphrases
- $GPG --homedir "$TMPWORK" --gen-key --batch <<EOF
- Key-Type: RSA
- Key-Length: 4096
- Subkey-Type: ELG-E
- Subkey-Length: 4096
- Name-Real: $NODE
- Name-Email: root@$NODE
- Expire-Date: 0
- Passphrase: $passphrase
- %commit
-EOF
-
- # Encrypt the result
- echo "Encrypting secret key into keyringer..."
- $GPG --armor --homedir "$TMPWORK" --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE"
- echo "Encrypting public key into keyringer..."
- $GPG --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
- echo "Encrypting passphrase into keyringer..."
- echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd"
-
- if [ ! -z "$OUTFILE" ]; then
- mkdir -p `dirname $OUTFILE`
- printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE"
- $GPG --armor --homedir "$TMPWORK" --export-secret-keys > "$OUTFILE"
- $GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub"
- fi
-
- echo "Done"
-}
-
-# Generate a keypair, ssl version
-function genpair_ssl {
- echo "Make sure that $KEYDIR is atop of an encrypted volume."
- read -p "Hit ENTER to continue." prompt
-
- # Check for wildcard certs
- if [ "`echo $NODE | cut -d . -f 1`" == "*" ]; then
- WILDCARD="yes"
- CNAME="$NODE"
- NODE="`echo $NODE | sed -e 's/^\*\.//'`"
- else
- CNAME="${NODE}"
- fi
-
- # Setup
- cd "$TMPWORK"
-
- # Generate certificate
-cat <<EOF >> openssl.conf
-[ req ]
-default_keyfile = ${NODE}_privatekey.pem
-distinguished_name = req_distinguished_name
-encrypt_key = no
-req_extensions = v3_req # Extensions to add to certificate request
-string_mask = nombstr
-
-[ req_distinguished_name ]
-commonName_default = ${CNAME}
-organizationName = Organization Name
-organizationalUnitName = Organizational Unit Name
-emailAddress = Email Address
-localityName = Locality
-stateOrProvinceName = State
-countryName = Country Name
-commonName = Common Name
-
-[ v3_req ]
-extendedKeyUsage=serverAuth,clientAuth
-EOF
-
- # Add SubjectAltNames so wildcard certs can work correctly.
- if [ "$WILDCARD" == "yes" ]; then
-cat <<EOF >> openssl.conf
-subjectAltName=DNS:${NODE}, DNS:${CNAME}
-EOF
- fi
-
- echo "Please review your OpenSSL configuration:"
- cat openssl.conf
- read -p "Hit ENTER to continue." prompt
-
- openssl req -batch -nodes -config openssl.conf -newkey rsa:4096 -sha256 \
- -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem
-
- openssl req -noout -text -in ${NODE}_csr.pem
-
- # Self-sign
- if [ "$KEYTYPE" == "ssl-self" ]; then
- openssl x509 -in "${NODE}_csr.pem" -out "$NODE.crt" -req -signkey "${NODE}_privatekey.pem" -days 365
- chmod 600 "${NODE}_privatekey.pem"
- fi
-
- # Encrypt the result
- echo "Encrypting private key into keyringer..."
- cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem"
- echo "Encrypting certificate request into keyringer..."
- cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr"
-
- if [ "$KEYTYPE" == "ssl-self" ]; then
- echo "Encrypting certificate into keyringer..."
- cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt"
- elif [ -f "$BASEDIR/keys/$FILE.crt.asc" ]; then
- # Remove any existing crt
- keyringer_exec del "$BASEDIR" "$FILE.crt"
- fi
-
- cd "$CWD"
-
- if [ ! -z "$OUTFILE" ]; then
- mkdir -p `dirname $OUTFILE`
- printf "Saving copies at %s\n" "`dirname $OUTFILE`"
- cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem"
- cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr"
-
- if [ -f "$TMPWORK/${NODE}.crt" ]; then
- cat "$TMPWORK/${NODE}.crt" > "$OUTFILE.crt"
- fi
- fi
-
- # Show cert fingerprint
- if [ "$KEYTYPE" == "ssl-self" ]; then
- openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint
- fi
-
- echo "Done"
-}
-
-# Load functions
-LIB="`dirname $0`/../functions"
-source "$LIB" || exit 1
-
-# Aditional parameters
-KEYTYPE="$2"
-FILE="$RELATIVE_PATH/$3"
-NODE="$4"
-OUTFILE="$5"
-CWD="`pwd`"
-
-# Verify
-if [ -z "$NODE" ]; then
- echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|ssl|ssl-self> <file> <hostname> [outfile]"
- echo -e "Options:"
- echo -e "\t gpg|ssh|ssl[-self]: key type."
- echo -e "\t file : base file name for encrypted output (relative to keys folder),"
- echo -e "\t without spaces"
- echo -e "\t hostname : host for the key pair"
- echo -e "\t outfile : optional unencrypted output file, useful for deployment,"
- echo -e "\t without spaces"
- exit 1
-elif [ ! -e "$KEYDIR" ]; then
- echo "Folder not found: $KEYDIR, leaving"
- exit 1
-fi
-
-# Set a tmp file
-keyringer_set_tmpfile genpair -d
-
-# Dispatch
-echo "Generating $KEYTYPE key for $NODE..."
-if [ "$KEYTYPE" == "ssl-self" ]; then
- genpair_ssl
-else
- genpair_"$KEYTYPE"
-fi
-
-# Cleanup
-cd "$CWD"
-rm -rf "$TMPWORK"
-trap - EXIT
+genkeys \ No newline at end of file
diff --git a/lib/keyringer/actions/git b/lib/keyringer/actions/git
index 059b20e..218273f 100755
--- a/lib/keyringer/actions/git
+++ b/lib/keyringer/actions/git
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Git wrapper.
#
diff --git a/lib/keyringer/actions/ls b/lib/keyringer/actions/ls
index 93f5f75..b992ad4 100755
--- a/lib/keyringer/actions/ls
+++ b/lib/keyringer/actions/ls
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# List keys.
#
diff --git a/lib/keyringer/actions/mkdir b/lib/keyringer/actions/mkdir
index b31eb0b..63442a4 100755
--- a/lib/keyringer/actions/mkdir
+++ b/lib/keyringer/actions/mkdir
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Create folders.
#
diff --git a/lib/keyringer/actions/mv b/lib/keyringer/actions/mv
index daac7b0..2324145 100755
--- a/lib/keyringer/actions/mv
+++ b/lib/keyringer/actions/mv
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Move secrets.
#
diff --git a/lib/keyringer/actions/options b/lib/keyringer/actions/options
index b210e1a..eea73e8 100755
--- a/lib/keyringer/actions/options
+++ b/lib/keyringer/actions/options
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Repository options management.
#
diff --git a/lib/keyringer/actions/preferences b/lib/keyringer/actions/preferences
index 114f9ac..6e36ef4 100755
--- a/lib/keyringer/actions/preferences
+++ b/lib/keyringer/actions/preferences
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Manipulate user preferences.
#
diff --git a/lib/keyringer/actions/recipients b/lib/keyringer/actions/recipients
index 4149786..29f9d38 100755
--- a/lib/keyringer/actions/recipients
+++ b/lib/keyringer/actions/recipients
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Recipient management.
#
diff --git a/lib/keyringer/actions/recrypt b/lib/keyringer/actions/recrypt
index 30c9254..5dce1ba 100755
--- a/lib/keyringer/actions/recrypt
+++ b/lib/keyringer/actions/recrypt
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Re-encrypt files to multiple recipients.
#
diff --git a/lib/keyringer/actions/rmdir b/lib/keyringer/actions/rmdir
index 398cf11..da7abe5 100755
--- a/lib/keyringer/actions/rmdir
+++ b/lib/keyringer/actions/rmdir
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Remove folders.
#
diff --git a/lib/keyringer/actions/shell b/lib/keyringer/actions/shell
index ab170b1..491fe0a 100755
--- a/lib/keyringer/actions/shell
+++ b/lib/keyringer/actions/shell
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Interactive shell.
#
diff --git a/lib/keyringer/actions/teardown b/lib/keyringer/actions/teardown
index 64da740..5bfb121 100755
--- a/lib/keyringer/actions/teardown
+++ b/lib/keyringer/actions/teardown
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Remove a keyring.
#
diff --git a/lib/keyringer/actions/tree b/lib/keyringer/actions/tree
index 8f9d7cd..9c09bfc 100755
--- a/lib/keyringer/actions/tree
+++ b/lib/keyringer/actions/tree
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# List keys, tree version.
#
diff --git a/lib/keyringer/actions/usage b/lib/keyringer/actions/usage
index 2ca7639..15096a0 100755
--- a/lib/keyringer/actions/usage
+++ b/lib/keyringer/actions/usage
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Show available commands
#
diff --git a/lib/keyringer/actions/xclip b/lib/keyringer/actions/xclip
index 7afdf05..0e60bbd 100755
--- a/lib/keyringer/actions/xclip
+++ b/lib/keyringer/actions/xclip
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Decrypt secret header to clipboard.
#
diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer
index 27cf919..fc952eb 100644
--- a/lib/keyringer/completions/bash/keyringer
+++ b/lib/keyringer/completions/bash/keyringer
@@ -93,12 +93,12 @@ _keyringer() {
recipients)
opts="ls edit"
;;
- ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find)
+ ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find|mv|cp)
cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash
opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
;;
- genpair)
- opts="gpg ssh ssl ssl-self"
+ genkeys|genpair)
+ opts="gpg ssh x509 x509-self ssl ssl-self"
;;
git)
opts="$(_keyringer_git_complete ${cur})"
@@ -112,11 +112,15 @@ _keyringer() {
esac
elif [ "${#COMP_WORDS[@]}" == "5" ]; then
case "${command}" in
+ mv|cp)
+ cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash
+ opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
+ ;;
recipients)
cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash
opts="$(cd $path/config/recipients && ls --color=never -p ${cur}* 2> /dev/null)"
;;
- genpair)
+ genkeys|genpair)
cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash
opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
;;
diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer
index ab95c3d..d4b89b1 100644
--- a/lib/keyringer/completions/zsh/_keyringer
+++ b/lib/keyringer/completions/zsh/_keyringer
@@ -49,12 +49,12 @@ _keyringer() {
recipients)
compadd "$@" ls edit
;;
- ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find)
+ ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find|mv|cp)
words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash
compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null)
;;
- genpair)
- compadd "$@" gpg ssh ssl ssl-self
+ genkeys|genpair)
+ compadd "$@" gpg ssh x509 x509-self ssl ssl-self
;;
git)
compadd "$@" $(_keyringer_git_complete $words[4])
@@ -68,11 +68,15 @@ _keyringer() {
;;
misc)
case "$words[3]" in
+ mv|cp)
+ words[5]="`echo $words[5] | sed -e "s|^/*||"`" # avoid leading slash
+ compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null)
+ ;;
recipients)
words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash
compadd "$@" $(cd $keyring_path/config/recipients && ls --color=never -p $words[5]* 2> /dev/null)
;;
- genpair)
+ genkeys|genpair)
words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash
compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null)
;;
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 42c047d..ab519b2 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
#
# Common functions.
#