CLI user interface? about age HOT 5 CLOSED

About long options, I always planned to provide long versions of all short options except -i and -o. The standard flags package already supports double dashes if that's what you prefer, so I don't see the need to use a third party package: the only difference would be that it would make it possible to combine multiple short options, which I think is an anti-pattern. We shouldn't have that many options to begin with!

I am not a fan of sub-commands, they are necessary when you have a sprawling CLI, but we shouldn't! They reduce discoverability and make commands more verbose. I understand the frustration with not knowing what mode gpg is in, but we really only have two: encrypt and decrypt. Maybe generate should even be a separate binary, age-keygen?

I do think we need to change the CLI a bit though. "All arguments are recipients or keys" was clever, but is not usable: people will pass inputs as arguments all the time, and with -i you have to put the key after the input. I'm thinking we just drop arguments entirely, and introduce -r/-recipient and -k/-key. Or... we take a single optional argument as input, and use -i/-identity for decryption, matching SSH.

$ age-keygen > key.txt

$ echo "_o/" | age -r pubkey:98W5ph53zfPGOzEOH-fMojQ4jUY7VLEmtmozREqnw4I > hello.txt.age

$ age -d -i key.txt hello.txt.age
_o/

$ tar cv ~/xxx | age -r github:Benjojo -r github:FiloSottile | nc 192.0.2.0 1234

$ echo "_o/" | age -o hello.age -r pubkey:98W5ph53zfPGOzEOH-fMojQ4jUY7VLEmtmozREqnw4I

$ age -o hello.txt.age -p hello.txt
Type passphrase:

from age.

A separate keygen binary is probably a good idea in order to simplify the UX.

I like moving from positional arguments to repeated -r recipient (it would similarly improve the rage UX). I did wonder for a moment whether it would make recipient expansion in the CLI harder (i.e. cat foo | age $(fetch_recipients from somewhere) >bar would need to interpolate -r), but I think it's probably better to just direct this kind of use-case towards storing the recipients in an intermediate file and then using cat foo | age -r recipients.txt >bar instead.

I'm ambivalent about -k vs -i. If we did have a single positional argument as input, then should we support the somewhat-common convention of mapping the filename - to stdin? Incidentally, I see that gpg (at least according to its manpage) requires passing -o - in order to write to stdout.

from age.

I'm ambivalent about -k vs -i. If we did have a single positional argument as input, then should we support the somewhat-common convention of mapping the filename - to stdin? Incidentally, I see that gpg (at least according to its manpage) requires passing -o - in order to write to stdout.

Yeah, let's honor the mapping. I want it to be easy to pipe input and output, so stdin and stdout should stay the defaults if no argument or -o is specified. We can refuse to spew binary to stdout unless overridden with -o -, though.

from age.

Done! I'll update the spec later.

from age.

Great, thanks!

from age.