use anyhow::Result;
use cipherstash_client::zerokms::{
EncryptPayload, EnvKeyProvider, FallbackKeyProvider, ZeroKMSBuilder,
};
use clap::Parser;
use stack_auth::AutoStrategy;
use stack_profile::ProfileStore;
#[derive(Parser, Debug)]
#[command(version)]
struct Args {
#[arg(long)]
descriptor: String,
#[arg(long)]
message: String,
}
#[tokio::main]
async fn main() -> Result<()> {
let args = Args::parse();
let strategy = AutoStrategy::detect()?;
let zero_kms = ZeroKMSBuilder::new(strategy)
.with_key_provider(FallbackKeyProvider::new(
EnvKeyProvider,
ProfileStore::default(),
))
.build()
.await?;
let record = zero_kms
.encrypt_single(
EncryptPayload::new_with_descriptor(args.message.as_bytes(), &args.descriptor),
None,
)
.await?;
println!("Message: {}", args.message);
println!("Descriptor: {}", args.descriptor);
println!("---");
println!("Encrypted: {}", record.to_mp_base85()?);
Ok(())
}