[report,collect] Add env var and prompt options for encryption

Adds a new `--encrypt` option that may be used in place of the existing encrypt-related options. If used alongside `--batch`, this new option will cause sos to set encryption options based on the `SOSENCRYPTKEY` or `SOSENCRYPTPASS` environment variables. This allows users to leverage this functionality without potentially leaking the values into `ps`-like output inside the archive. If `--batch` is not used, then this option prompts the user to select the type of method to use and then provide the value in-line, or to use the env var option. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
author: Jake Hunsaker <jhunsake@redhat.com> 2022-04-19 17:28:07 -0400
committer: Jake Hunsaker <jhunsake@redhat.com> 2022-04-26 09:44:32 -0400
commit: a705fb1ce4f77d40f1dc40e535d49409d3681ed2 (patch)
tree: 7003cc072857bda342d350ae28dda429f4ab83f6 /man/en
parent: 68bb9d3aeb72726f9a4c13e7e36f71dc56390c63 (diff)
download: sos-a705fb1ce4f77d40f1dc40e535d49409d3681ed2.tar.gz
2 files changed, 41 insertions, 0 deletions
diff --git a/man/en/sos-report.1 b/man/en/sos-report.1
index e3477398..5b2b1d58 100644
--- a/man/en/sos-report.1
+++ b/man/en/sos-report.1
@@ -33,6 +33,7 @@ sos report \- Collect and package diagnostic and support data
           [--skip-files files]\fR
           [--allow-system-changes]\fR
           [-z|--compression-type method]\fR
+          [--encrypt]\fR
           [--encrypt-key KEY]\fR
           [--encrypt-pass PASS]\fR
           [--upload] [--upload-url url] [--upload-user user]\fR
@@ -222,6 +223,26 @@ Run commands even if they can change the system (e.g. load kernel modules).
 .B \-z, \--compression-type METHOD
 Override the default compression type specified by the active policy.
 .TP
+.B \-\-encrypt
+Encrypt the resulting archive, and determine the method by which that encryption
+is done by either a user prompt or environment variables.
+
+When run with \fB--batch\fR, using this option will cause sos to look for either the
+\fBSOSENCRYPTKEY\fR or \fBSOSENCRYPTPASS\fR environment variables. If set, this will
+implicitly enable the \fB--encrypt-key\fR or \fB--encrypt-pass\fR options, respectively,
+to the values set by the environment variable. This enables the use of these options
+without directly setting those options in a config file or command line string. Note that
+use of an encryption key has precedence over a passphrase.
+
+Otherwise, using this option will cause sos to prompt the user to choose the method
+of encryption to use. Choices will be [P]assphrase, [K]ey, [E]nv vars, or [N]o encryption.
+If passphrase or key the user will then be prompted for the respective value, env vars will
+cause sos to source the information in the manner stated above, and choosing no encryption
+will disable encryption.
+
+See the sections on \fB--encrypt-key\fR and \fB--encrypt-pass\fR below for more
+information.
+.TP
 .B \--encrypt-key KEY
 Encrypts the resulting archive that sosreport produces using GPG. KEY must be
 an existing key in the user's keyring as GPG does not allow for keyfiles.
diff --git a/man/en/sos.1 b/man/en/sos.1
index c335b7e1..2d5a9721 100644
--- a/man/en/sos.1
+++ b/man/en/sos.1
@@ -82,6 +82,26 @@ to be set across all components.
 .B \-\-batch
 Do not prompt interactively, user will not be prompted for any data
 .TP
+.B \-\-encrypt
+Encrypt the resulting archive, and determine the method by which that encryption
+is done by either a user prompt or environment variables.
+
+When run with \fB--batch\fR, using this option will cause sos to look for either the
+\fBSOSENCRYPTKEY\fR or \fBSOSENCRYPTPASS\fR environment variables. If set, this will
+implicitly enable the \fB--encrypt-key\fR or \fB--encrypt-pass\fR options, respectively,
+to the values set by the environment variable. This enables the use of these options
+without directly setting those options in a config file or command line string. Note that
+use of an encryption key has precedence over a passphrase.
+
+Otherwise, using this option will cause sos to prompt the user to choose the method
+of encryption to use. Choices will be [P]assphrase, [K]ey, [E]nv vars, or [N]o encryption.
+If passphrase or key the user will then be prompted for the respective value, env vars will
+cause sos to source the information in the manner stated above, and choosing no encryption
+will disable encryption.
+
+See the sections on \fB--encrypt-key\fR and \fB--encrypt-pass\fR below for more
+information.
+.TP
 .B \--encrypt-key KEY
 Encrypts the resulting archive that sosreport produces using GPG. KEY must be
 an existing key in the user's keyring as GPG does not allow for keyfiles.
author	Jake Hunsaker <jhunsake@redhat.com>	2022-04-19 17:28:07 -0400
committer	Jake Hunsaker <jhunsake@redhat.com>	2022-04-26 09:44:32 -0400
commit	a705fb1ce4f77d40f1dc40e535d49409d3681ed2 (patch)
tree	7003cc072857bda342d350ae28dda429f4ab83f6 /man/en
parent	68bb9d3aeb72726f9a4c13e7e36f71dc56390c63 (diff)
download	sos-a705fb1ce4f77d40f1dc40e535d49409d3681ed2.tar.gz