Add simple master key provider for secret encryption

cmd/generate.go

@@ -6,10 +6,14 @@
 package cmd
 
 import (
+	"encoding/base64"
 	"fmt"
 	"os"
 
 	"code.gitea.io/gitea/modules/generate"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/services/secrets"
 
 	"github.com/mattn/go-isatty"
 	"github.com/urfave/cli"
@@ -32,6 +36,7 @@ var (
 			microcmdGenerateInternalToken,
 			microcmdGenerateLfsJwtSecret,
 			microcmdGenerateSecretKey,
+			microcmdGenerateMasterKey,
 		},
 	}
 
@@ -53,6 +58,12 @@ var (
 		Usage:  "Generate a new SECRET_KEY",
 		Action: runGenerateSecretKey,
 	}
+
+	microcmdGenerateMasterKey = cli.Command{
+		Name:   "MASTER_KEY",
+		Usage:  "Generate a new MASTER_KEY",
+		Action: runGenerateMasterKey,
+	}
 )
 
 func runGenerateInternalToken(c *cli.Context) error {
@@ -99,3 +110,43 @@ func runGenerateSecretKey(c *cli.Context) error {
 
 	return nil
 }
+
+func runGenerateMasterKey(c *cli.Context) error {
+	// Silence the console logger
+	log.DelNamedLogger("console")
+	log.DelNamedLogger(log.DEFAULT)
+
+	// Read configuration file
+	setting.LoadFromExisting()
+
+	providerType := secrets.MasterKeyProviderType(setting.MasterKeyProvider)
+	if providerType == secrets.MasterKeyProviderTypeNone {
+		return fmt.Errorf("configured master key provider does not support key generation")
+	}
+
+	if err := secrets.Init(); err != nil {
+		return err
+	}
+
+	scrts, err := secrets.GenerateMasterKey()
+	if err != nil {
+		return err
+	}
+
+	if len(scrts) > 1 {
+		fmt.Println("Unseal secrets:")
+		for i, secret := range scrts {
+			if i > 0 {
+				fmt.Printf("\n")
+			}
+			fmt.Printf("%s\n", base64.StdEncoding.EncodeToString(secret))
+		}
+	}
+	fmt.Println("Setting changes required:")
+	fmt.Println("[secrets]")
+	if providerType == secrets.MasterKeyProviderTypePlain && len(scrts) == 1 {
+		fmt.Printf("MASTER_KEY = %s\n", base64.StdEncoding.EncodeToString(scrts[0]))
+	}
+
+	return nil
+}