New syntax to enable repository encryption

2026-04-15 21:59:58 -04:00 · 2013-08-10 13:02:20 +02:00 · 2013-08-10 13:02:20 +02:00 · 012e0d4153
commit 012e0d4153
parent 5fa5380f0f
4 changed files with 9 additions and 10 deletions
--- a/2
+++ b/2
@ -9,6 +9,8 @@ Version 0.8

 (feature release, released on X)

+- New syntax to enable repository encryption:
+    attic init --encryption="none|passphrase|keyfile"
 - Detect and abort if repository is older than the cache


--- a/attic/archiver.py
+++ b/attic/archiver.py
@ -356,12 +356,9 @@ class Archiver:
        subparser.add_argument('repository', metavar='REPOSITORY',
                               type=location_validator(archive=False),
                               help='repository to create')
-        subparser.add_argument('--key-file', dest='keyfile',
-                               action='store_true', default=False,
-                               help='enable key file based encryption')
-        subparser.add_argument('--passphrase', dest='passphrase',
-                               action='store_true', default=False,
-                               help='enable passphrase based encryption')
+        subparser.add_argument('-e', '--encryption', dest='encryption',
+                               choices=('none', 'passphrase', 'keyfile'), default='none',
+                               help='select encryption method')

        subparser = subparsers.add_parser('change-passphrase', parents=[common_parser],
                                          description=self.do_change_passphrase.__doc__)
--- a/attic/key.py
+++ b/attic/key.py
@ -20,9 +20,9 @@ class HMAC(hmac.HMAC):


 def key_creator(repository, args):
-    if args.keyfile:
+    if args.encryption == 'keyfile':
        return KeyfileKey.create(repository, args)
-    elif args.passphrase:
+    elif args.encryption == 'passphrase':
        return PassphraseKey.create(repository, args)
    else:
        return PlaintextKey.create(repository, args)
@ -62,7 +62,7 @@ class PlaintextKey(KeyBase):

    @classmethod
    def create(cls, repository, args):
-        print('Encryption NOT enabled.\nUse the --key-file or --passphrase options to enable encryption.')
+        print('Encryption NOT enabled.\nUse the "--encryption=passphrase|keyfile" to enable encryption.')
        return cls()

    @classmethod
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@ -82,7 +82,7 @@ Repository encryption

 Repository encryption is enabled at repository encryption time::

-    $ attic init --passphrase | --key-file
+    $ attic init --encryption=passphrase|keyfile PATH

 When repository encryption is enabled all data is encrypted using 256-bit AES_
 encryption and the integrity and authenticity is verified using `HMAC-SHA256`_.