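package main

import (
	"log"
	"os"

	cfsslconfig "github.com/cloudflare/cfssl/config"
)

// migrateSecrets copies the secrets loaded from the old secret data file (the
// path returned by secretDataPath) into the clusterTokens, clusterPasswords,
// clusterCAs and clusterCASignedKeys stores. Entries are keyed
// "<cluster>/<name>", and signed keys "<cluster>/<ca>/<name>".
//
// It returns silently when the old file does not exist, and logs and returns
// when the file cannot be inspected or the SSL configuration cannot be parsed.
// A failure to read the configuration, to load the old secrets, or to store any
// entry terminates the process through Fatal, so a partial migration cannot go
// unnoticed.
//
// NOTE(review): nothing here removes or renames the old secrets file, so the
// migration runs again on every call while the file exists, and the old secret
// material stays on disk. Confirm whether the trailing TODO is meant to cover
// that.
func migrateSecrets() {
	if _, err := os.Stat(secretDataPath()); err != nil {
		if !os.IsNotExist(err) {
			log.Print("not migrating old secrets: ", err)
		}
		return
	}

	log.Print("migrating old secrets")

	// Dedicated logger so every later message carries the migration prefix.
	// It is not named "log", which would shadow the package.
	logger := log.New(log.Default().Writer(), "secrets migration: ", log.Flags()|log.Lmsgprefix)

	// load secrets
	cfg, err := readConfig()
	if err != nil {
		logger.Fatal(err)
	}

	sslCfg := &cfsslconfig.Config{}
	if len(cfg.SSLConfig) != 0 {
		sslCfg, err = cfsslconfig.LoadConfig([]byte(cfg.SSLConfig))
		if err != nil {
			// Still non-fatal, but no longer silent: the operator must be able
			// to see that the old secrets were left unmigrated.
			logger.Print("invalid SSL config, secrets not migrated: ", err)
			return
		}
	}

	if err := loadSecretData(sslCfg); err != nil {
		logger.Fatal(err)
	}

	// Log messages name the key and the error only, never the stored value.
	for clusterName, cluster := range secretData.clusters {
		for name, token := range cluster.Tokens {
			key := clusterName + "/" + name
			if err := clusterTokens.Put(key, token); err != nil {
				logger.Fatalf("token %q: %v", key, err)
			}
		}

		for name, password := range cluster.Passwords {
			key := clusterName + "/" + name
			if err := clusterPasswords.Put(key, password); err != nil {
				logger.Fatalf("password %q: %v", key, err)
			}
		}

		for caName, ca := range cluster.CAs {
			caKey := clusterName + "/" + caName

			// CA material gets the same treatment as tokens and passwords: a
			// failed write must stop the migration instead of being dropped.
			if err := clusterCAs.Put(caKey, CA{Key: ca.Key, Cert: ca.Cert}); err != nil {
				logger.Fatalf("CA %q: %v", caKey, err)
			}

			for signedName, signed := range ca.Signed {
				signedKey := caKey + "/" + signedName
				if signed == nil {
					// A nil entry would panic on dereference; report and skip it.
					logger.Printf("signed key %q: empty entry, skipped", signedKey)
					continue
				}
				if err := clusterCASignedKeys.Put(signedKey, *signed); err != nil {
					logger.Fatalf("signed key %q: %v", signedKey, err)
				}
			}
		}
		// TODO
	}
}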