stripe · etsai-stripe · Aug 2, 2022 · Jul 22, 2022 · Jul 22, 2022 · Jul 22, 2022
@@ -168,22 +168,7 @@ func (c *Config) InitConfig() {
 	})
 
 	// redact livemode values for existing configs
-	if err := viper.ReadInConfig(); err == nil {
-		// if the config file has expires at date, then it is using the new livemode key storage
-		if viper.IsSet(c.Profile.GetConfigField(LiveModeAPIKeyName)) {
-			key := viper.GetString(c.Profile.GetConfigField(LiveModeAPIKeyName))
-			if !IsRedactedAPIKey(key) {
-				c.Profile.WriteConfigField(LiveModeAPIKeyName, RedactAPIKey(key))
-			}
-		}
-
-		if viper.IsSet(c.Profile.GetConfigField(LiveModePubKeyName)) {
-			key := viper.GetString(c.Profile.GetConfigField(LiveModePubKeyName))
-			if !IsRedactedAPIKey(key) {
-				c.Profile.WriteConfigField(LiveModePubKeyName, RedactAPIKey(key))
-			}
-		}
-	}
+	c.Profile.redactAllLivemodeValues()
 }
 
 // EditConfig opens the configuration file in the default editor.

@@ -139,7 +139,8 @@ func (p *Profile) GetAPIKey(livemode bool) (string, error) {
 			key = viper.GetString(p.GetConfigField(TestModeAPIKeyName))
 		}
 	} else {
-		key, err = p.RetrieveLivemodeValue(LiveModeAPIKeyName)
+		p.redactAllLivemodeValues()
+		key, err = p.retrieveLivemodeValue(LiveModeAPIKeyName)
 		if err != nil {
 			return "", err
 		}
@@ -162,7 +163,7 @@ func (p *Profile) GetExpiresAt(livemode bool) (time.Time, error) {
 	var err error
 
 	if livemode {
-		timeString, err = p.RetrieveLivemodeValue(LiveModeKeyExpiresAtName)
+		timeString, err = p.retrieveLivemodeValue(LiveModeKeyExpiresAtName)
 		if err != nil {
 			return time.Time{}, err
 		}
@@ -183,30 +184,30 @@ func (p *Profile) GetExpiresAt(livemode bool) (time.Time, error) {
 
 // GetPublishableKey returns the publishable key for the user
 func (p *Profile) GetPublishableKey(livemode bool) (string, error) {
+	var fieldID string
 	var key string
-	var err error
 
 	if livemode {
-		key, err = p.RetrieveLivemodeValue(LiveModePubKeyName)
-		if err != nil {
-			return "", err
-		}
+		fieldID = LiveModePubKeyName
 	} else {
-		// test mode
-		if err := viper.ReadInConfig(); err == nil {
-			if viper.IsSet(p.GetConfigField("publishable_key")) {
-				p.RegisterAlias(TestModePubKeyName, "publishable_key")
-			}
-			// there is a bug with viper.GetStringMapString when the key name is too long, which makes
-			// `config --list --project-name <project_name>` unable to read the project specific config
-			if viper.IsSet(p.GetConfigField("test_mode_publishable_key")) {
-				p.RegisterAlias(TestModePubKeyName, "test_mode_publishable_key")
-			}
-
-			key = viper.GetString(p.GetConfigField(TestModePubKeyName))
+		fieldID = TestModePubKeyName
+
+		if viper.IsSet(p.GetConfigField("publishable_key")) {
+			p.RegisterAlias(TestModePubKeyName, "publishable_key")
+		}
+		// there is a bug with viper.GetStringMapString when the key name is too long, which makes
+		// `config --list --project-name <project_name>` unable to read the project specific config
+		if viper.IsSet(p.GetConfigField("test_mode_publishable_key")) {
+			p.RegisterAlias(TestModePubKeyName, "test_mode_publishable_key")
 		}
 	}
 
+	err := viper.ReadInConfig()
+	if err != nil {
+		return "", err
+	}
+
+	key = viper.GetString(p.GetConfigField(fieldID))
 	if key != "" {
 		return key, nil
 	}
@@ -258,7 +259,7 @@ func (p *Profile) DeleteConfigField(field string) error {
 
 	// delete livemode redacted values from config and full values from keyring
 	if field == LiveModeAPIKeyName || field == LiveModePubKeyName || field == LiveModeKeyExpiresAtName {
-		p.DeleteLivemodeValue(field)
+		p.deleteLivemodeValue(field)
 	}
 
 	return p.writeProfile(v)
@@ -284,16 +285,12 @@ func (p *Profile) writeProfile(runtimeViper *viper.Viper) error {
 		runtimeViper.Set(p.GetConfigField(LiveModeKeyExpiresAtName), expiresAt)
 
 		// store actual key in secure keyring
-		p.storeLivemodeValue(LiveModeAPIKeyName, strings.TrimSpace(p.LiveModeAPIKey), "Live mode API key")
-		p.storeLivemodeValue(LiveModeKeyExpiresAtName, expiresAt, "Live mode API key expirary")
+		p.saveLivemodeValue(LiveModeAPIKeyName, strings.TrimSpace(p.LiveModeAPIKey), "Live mode API key")
+		p.saveLivemodeValue(LiveModeKeyExpiresAtName, expiresAt, "Live mode API key expirary")
 	}
 
 	if p.LiveModePublishableKey != "" {
-		// store redacted key in config
-		runtimeViper.Set(p.GetConfigField(LiveModePubKeyName), RedactAPIKey(strings.TrimSpace(p.LiveModePublishableKey)))
-
-		// store actual key in secure keyring
-		p.storeLivemodeValue(LiveModePubKeyName, strings.TrimSpace(p.LiveModePublishableKey), "Live mode publishable key")
+		runtimeViper.Set(p.GetConfigField(LiveModePubKeyName), strings.TrimSpace(p.LiveModePublishableKey))
 	}
 
 	if p.TestModeAPIKey != "" {

@@ -1,10 +1,14 @@
 package config
 
 import (
+	"fmt"
+	"os"
 	"strings"
 
 	"github.com/99designs/keyring"
+	"github.com/spf13/viper"
 
+	"github.com/stripe/stripe-cli/pkg/ansi"
 	"github.com/stripe/stripe-cli/pkg/validators"
 )
 
@@ -17,8 +21,8 @@ const KeyValidInDays = 90
 // KeyRing ...
 var KeyRing keyring.Keyring
 
-// storeLivemodeValue
-func (p *Profile) storeLivemodeValue(field, value, description string) {
+// saveLivemodeValue saves livemode value of given key in keyring
+func (p *Profile) saveLivemodeValue(field, value, description string) {
 	fieldID := p.GetConfigField(field)
 	_ = KeyRing.Set(keyring.Item{
 		Key:         fieldID,
@@ -28,8 +32,8 @@ func (p *Profile) storeLivemodeValue(field, value, description string) {
 	})
 }
 
-// RetrieveLivemodeValue ...
-func (p *Profile) RetrieveLivemodeValue(key string) (string, error) {
+// retrieveLivemodeValue retrieves livemode value of given key in keyring
+func (p *Profile) retrieveLivemodeValue(key string) (string, error) {
 	fieldID := p.GetConfigField(key)
 	existingKeys, err := KeyRing.Keys()
 	if err != nil {
@@ -46,8 +50,8 @@ func (p *Profile) RetrieveLivemodeValue(key string) (string, error) {
 	return "", validators.ErrAPIKeyNotConfigured
 }
 
-// DeleteLivemodeValue ...
-func (p *Profile) DeleteLivemodeValue(key string) error {
+// deleteLivemodeValue deletes livemode value of given key in keyring
+func (p *Profile) deleteLivemodeValue(key string) error {
 	fieldID := p.GetConfigField(key)
 	existingKeys, err := KeyRing.Keys()
 	if err != nil {
@@ -62,6 +66,25 @@ func (p *Profile) DeleteLivemodeValue(key string) error {
 	return nil
 }
 
+// redactAllLivemodeValues redacts all livemode values in the local config file
+func (p *Profile) redactAllLivemodeValues() {
+	color := ansi.Color(os.Stdout)
+
+	if err := viper.ReadInConfig(); err == nil {
+		// if the config file has expires at date, then it is using the new livemode key storage
+		if viper.IsSet(p.GetConfigField(LiveModeAPIKeyName)) {
+			key := viper.GetString(p.GetConfigField(LiveModeAPIKeyName))
+			if !isRedactedAPIKey(key) {
+				fmt.Println(color.Yellow(`
+(!) Livemode value found for the field '` + LiveModeAPIKeyName + `' in your config file.
+Livemode values from the config file will be redacted and will not be used.`))
+
+				p.WriteConfigField(LiveModeAPIKeyName, RedactAPIKey(key))
+			}
+		}
+	}
+}
+
 // RedactAPIKey returns a redacted version of API keys. The first 8 and last 4
 // characters are not redacted, everything else is replaced by "*" characters.
 //
@@ -76,8 +99,8 @@ func RedactAPIKey(apiKey string) string {
 	return b.String()
 }
 
-// IsRedactedAPIKey ...
-func IsRedactedAPIKey(apiKey string) bool {
+// isRedactedAPIKey checks if the input string is a refacted api key
+func isRedactedAPIKey(apiKey string) bool {
 	keyParts := strings.Split(apiKey, "_")
 	if len(keyParts) < 3 {
 		return false