New syntax to enable repository encryption

CHANGES

@@ -9,6 +9,8 @@ Version 0.8
 
 (feature release, released on X)
 
+- New syntax to enable repository encryption:
+    attic init --encryption="none|passphrase|keyfile"
 - Detect and abort if repository is older than the cache
 
 

attic/archiver.py

@@ -356,12 +356,9 @@ class Archiver:
         subparser.add_argument('repository', metavar='REPOSITORY',
                                type=location_validator(archive=False),
                                help='repository to create')
-        subparser.add_argument('--key-file', dest='keyfile',
-                               action='store_true', default=False,
-                               help='enable key file based encryption')
-        subparser.add_argument('--passphrase', dest='passphrase',
-                               action='store_true', default=False,
-                               help='enable passphrase based encryption')
+        subparser.add_argument('-e', '--encryption', dest='encryption',
+                               choices=('none', 'passphrase', 'keyfile'), default='none',
+                               help='select encryption method')
 
         subparser = subparsers.add_parser('change-passphrase', parents=[common_parser],
                                           description=self.do_change_passphrase.__doc__)

attic/key.py

@@ -20,9 +20,9 @@ class HMAC(hmac.HMAC):
 
 
 def key_creator(repository, args):
-    if args.keyfile:
+    if args.encryption == 'keyfile':
         return KeyfileKey.create(repository, args)
-    elif args.passphrase:
+    elif args.encryption == 'passphrase':
         return PassphraseKey.create(repository, args)
     else:
         return PlaintextKey.create(repository, args)
@@ -62,7 +62,7 @@ class PlaintextKey(KeyBase):
 
     @classmethod
     def create(cls, repository, args):
-        print('Encryption NOT enabled.\nUse the --key-file or --passphrase options to enable encryption.')
+        print('Encryption NOT enabled.\nUse the "--encryption=passphrase|keyfile" to enable encryption.')
         return cls()
 
     @classmethod

docs/quickstart.rst

@@ -82,7 +82,7 @@ Repository encryption
 
 Repository encryption is enabled at repository encryption time::
 
-    $ attic init --passphrase | --key-file
+    $ attic init --encryption=passphrase|keyfile PATH
 
 When repository encryption is enabled all data is encrypted using 256-bit AES_
 encryption and the integrity and authenticity is verified using `HMAC-SHA256`_.