From 5dcccad0c03e01bb74130ff08725f7f4a5ba65aa Mon Sep 17 00:00:00 2001
From: Ellie Huxtable
Date: Thu, 5 Dec 2024 00:52:38 +0000
Subject: [PATCH] feat: provide additional clarity around key management (#2467) * feat: add help text for key management There's been a number of help requests lately that seem to stem from a misunderstanding around key management All machines connected to sync must use the same encryption key. The key is up to the user to manage, as if we had access to it then the encryption wouldn't make sense. In the future, we should verify that the key provided matches what has been used to encrypt existing data. * never generate a new key on login
---
 crates/atuin/src/command/client/account/login.rs | 11 ++++++++---
 crates/atuin/src/command/client/account/register.rs | 3 +++
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/crates/atuin/src/command/client/account/login.rs b/crates/atuin/src/command/client/account/login.rs
index a1b95ad9dca..57d5f86362e 100644
--- a/crates/atuin/src/command/client/account/login.rs
+++ b/crates/atuin/src/command/client/account/login.rs
@@ -6,7 +6,7 @@ use tokio::{fs::File, io::AsyncWriteExt};
 use atuin_client::{
 api_client,
- encryption::{decode_key, encode_key, load_key, new_key, Key},
+ encryption::{decode_key, encode_key, load_key, Key},
 record::sqlite_store::SqliteStore,
 record::store::Store,
 settings::Settings,
@@ -55,6 +55,12 @@ impl Cmd {
 let key_path = settings.key_path.as_str();
 let key_path = PathBuf::from(key_path);
+ println!("IMPORTANT");
+ println!("If you are already logged in on another machine, you must ensure that the key you use here is the same as the key you used there.");
+ println!("You can find your key by running 'atuin key' on the other machine");
+ println!("Do not share this key with anyone");
+ println!("\nRead more here: https://docs.atuin.sh/guide/sync/#login \n");
+
 let key = or_user_input(&self.key, "encryption key [blank to use existing key file]");
 // if provided, the key may be EITHER base64, or a bip mnemonic
@@ -97,8 +103,7 @@ impl Cmd {
 bail!("the key in existing key file was invalid");
 }
 } else {
- println!("No key file exists, creating a new");
- let _key = new_key(settings)?;
+ panic!("No key provided. Please use 'atuin key' on your other machine, or recover your key from a backup.")
 }
 } else if !key_path.exists() {
 if decode_key(key.clone()).is_err() {
diff --git a/crates/atuin/src/command/client/account/register.rs b/crates/atuin/src/command/client/account/register.rs
index 96b7d7d6c1a..f1479b0c76b 100644
--- a/crates/atuin/src/command/client/account/register.rs
+++ b/crates/atuin/src/command/client/account/register.rs
@@ -51,5 +51,8 @@ pub async fn run(
 let _key = atuin_client::encryption::load_key(settings)?;
+ println!("Registration successful! Please make a note of your key (run 'atuin key') and keep it safe.");
+ println!("You will need it to log in on other devices, and we cannot help recover it if you lose it.");
+
 Ok(())
 }
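Review bot: The key-handling notice in login.rs (`@@ -55,6 +55,12 @@`) is printed with `println!` before `or_user_input` runs, so it goes to stdout on every login, apparently even when `self.key` was already supplied. `or_user_input` is not visible here, but if it only prompts when the value is missing, scripted logins would now get five extra lines on stdout. Consider writing the notice with `eprintln!`, or printing it only when the key still has to be entered, and add a short comment such as `// Shown before the prompt: every synced machine must share one key`. The enclosing function starts and ends outside the hunk.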
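Review bot: The missing-key branch in login.rs (`@@ -97,8 +103,7 @@`) stops with `panic!`, although the branch directly above it reports an invalid key file with `bail!`. A missing key is an expected user condition, and a panic shows the "thread panicked" banner and takes the crash path instead of returning a normal error to the caller. `bail!("No key provided. Please use 'atuin key' on your other machine, or recover your key from a backup.");` keeps both the message and the decision never to generate a key on login. The enclosing function starts and ends outside the hunk.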