
@superboum
Created February 25, 2022 08:35
Decode/Dump Drone CI secrets from database
package main
import (
"bufio"
"os"
"crypto/aes"
"crypto/cipher"
"encoding/hex"
"errors"
"fmt"
)
// decrypt opens an AES-GCM sealed message using key.
//
// The input layout is nonce || sealed data: the first NonceSize bytes are
// taken as the nonce and everything after them is handed to Open as the
// ciphertext plus authentication tag. No additional authenticated data is
// used.
//
// key must be a valid AES key (16, 24 or 32 bytes); otherwise the error from
// aes.NewCipher is returned. An input shorter than the nonce yields
// "malformed ciphertext". Because GCM is authenticated, a wrong key or a
// modified message makes Open return an error instead of garbage plaintext.
func decrypt(ciphertext []byte, key []byte) (plaintext []byte, err error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}

	aead, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}

	// Reject inputs that cannot even hold the nonce before slicing.
	n := aead.NonceSize()
	if len(ciphertext) < n {
		return nil, errors.New("malformed ciphertext")
	}

	nonce, sealed := ciphertext[:n], ciphertext[n:]
	return aead.Open(nil, nonce, sealed, nil)
}
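// readLine prints prompt and returns the next input line from sc with its
// line terminator removed. bufio.Scanner's default line splitting drops both
// "\n" and "\r\n" and also returns a final line that has no trailing newline,
// so piped input and Windows terminals are handled the same way.
func readLine(sc *bufio.Scanner, prompt string) (string, error) {
	fmt.Print(prompt)
	if sc.Scan() {
		return sc.Text(), nil
	}
	if err := sc.Err(); err != nil {
		return "", err
	}
	return "", errors.New("unexpected end of input")
}

// main prompts for the database encryption key and one hex-encoded secret
// value, decrypts the value with AES-GCM and prints the plaintext.
//
// Both inputs and the output are sensitive:
//   - the key is read with a plain line read, so a terminal echoes it as it
//     is typed (the standard library has no no-echo read);
//   - the plaintext is written to stdout, so it lands wherever stdout is
//     redirected or captured.
//
// Diagnostics go to stderr and every failure exits with status 1, so an
// error message can never be mistaken for a decrypted value by a caller
// reading stdout.
func main() {
	sc := bufio.NewScanner(os.Stdin)
	// The hex dump of a large secret can exceed the scanner's default
	// 64 KiB line limit; allow lines up to 1 MiB.
	sc.Buffer(make([]byte, 0, 64*1024), 1<<20)

	k, err := readLine(sc, "Enter DRONE_DATABASE_SECRET: ")
	if err != nil {
		fmt.Fprintln(os.Stderr, "failed to read key from stdin", err)
		os.Exit(1)
	}

	ciph, err := readLine(sc, "Enter your ciphertext dumped from PSQL as hex `select encode(secret_data, 'hex') from secrets where secret_name = xxx`: ")
	if err != nil {
		fmt.Fprintln(os.Stderr, "failed to read cipher from stdin", err)
		os.Exit(1)
	}

	ciphb, err := hex.DecodeString(ciph)
	if err != nil {
		fmt.Fprintln(os.Stderr, "cipher hex to bytes failed", err)
		os.Exit(1)
	}

	// The key string is used as raw bytes, not hex-decoded; its byte length
	// must therefore be a valid AES key size or decrypt reports an error.
	p, err := decrypt(ciphb, []byte(k))
	if err != nil {
		fmt.Fprintln(os.Stderr, "decryption failed", err)
		os.Exit(1)
	}
	fmt.Println(string(p))
}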