Allow for disabling of secret caching

So far we have cached secrets in gpg-agent(1) whenever that made sense
to do (i.e., for the two PINs in most contexts but not for passwords).
While there is reason to believe that such caching is desired by the
majority of users, not everybody has a use for it.
To give users an opportunity to opt out of such caching, this change
introduces a new environment variable, NITROCLI_NO_CACHE, that, when
present in the environment, instructs the program to bypass the cache
for all operations that require a secret and to instead inquire such
secrets each time they are needed.

1 files changed, 4 insertions, 0 deletions

diff --git a/nitrocli/src/main.rs b/nitrocli/src/main.rs
index 1629167..5cb3faf 100644
--- a/nitrocli/src/main.rs
+++ b/nitrocli/src/main.rs
@@ -102,6 +102,7 @@ const NITROCLI_USER_PIN: &str = "NITROCLI_USER_PIN";
 const NITROCLI_NEW_ADMIN_PIN: &str = "NITROCLI_NEW_ADMIN_PIN";
 const NITROCLI_NEW_USER_PIN: &str = "NITROCLI_NEW_USER_PIN";
 const NITROCLI_PASSWORD: &str = "NITROCLI_PASSWORD";
+const NITROCLI_NO_CACHE: &str = "NITROCLI_NO_CACHE";
 
 /// The context used when running the program.
 pub(crate) struct RunCtx<'io> {
@@ -123,6 +124,8 @@ pub(crate) struct RunCtx<'io> {
   pub new_user_pin: Option<ffi::OsString>,
   /// A password used by some commands, if provided through an environment variable.
   pub password: Option<ffi::OsString>,
+  /// Whether to bypass the cache for all secrets or not.
+  pub no_cache: bool,
 }
 
 fn run<'ctx, 'io: 'ctx>(ctx: &'ctx mut RunCtx<'io>, args: Vec<String>) -> i32 {
@@ -157,6 +160,7 @@ fn main() {
     new_admin_pin: env::var_os(NITROCLI_NEW_ADMIN_PIN),
     new_user_pin: env::var_os(NITROCLI_NEW_USER_PIN),
     password: env::var_os(NITROCLI_PASSWORD),
+    no_cache: env::var_os(NITROCLI_NO_CACHE).is_some(),
   };
 
   let rc = run(ctx, args);