From f440ca7f9a9d274c5e3594f218f97754af267816 Mon Sep 17 00:00:00 2001
From: Keith Chong
Date: Thu, 8 Apr 2021 10:20:07 -0400
Subject: [PATCH] Insecure option is not available in interactive mode (812) (#219)
Signed-off-by: Keith Chong
---
 pkg/cmd/bootstrap.go | 3 +++
 pkg/cmd/ui/ui.go | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/pkg/cmd/bootstrap.go b/pkg/cmd/bootstrap.go
index fcf878a4a..d4bb93617 100644
--- a/pkg/cmd/bootstrap.go
+++ b/pkg/cmd/bootstrap.go
@@ -156,6 +156,9 @@ func initiateInteractiveMode(io *BootstrapParameters, client *utility.Client, cm
 promptForAll := !ui.UseDefaultValues()
 // ask for sealed secrets only when default is absent, and consider insecure/secure cases
 err := client.CheckIfSealedSecretsExists(defaultSealedSecretsServiceName)
+ if !cmd.Flag("insecure").Changed && promptForAll {
+ io.Insecure = ui.SelectInsecureSecrets(err)
+ }
 if !io.Insecure && err != nil {
 io.SealedSecretsService.Namespace = ui.EnterSealedSecretService(&io.SealedSecretsService)
 }
diff --git a/pkg/cmd/ui/ui.go b/pkg/cmd/ui/ui.go
index 2231ccf23..07ed51716 100644
--- a/pkg/cmd/ui/ui.go
+++ b/pkg/cmd/ui/ui.go
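Review bot: The `err` handed to `ui.SelectInsecureSecrets(err)` is whatever `CheckIfSealedSecretsExists` returned, so any lookup failure (presumably including an unreachable API server or a permissions error; that helper is not visible here) is presented to the user as "no Sealed Secrets installation" and leads into a prompt that offers unsealed secrets. I would separate a not-found result from other errors before prompting, or at least record the assumption next to the call: `// err != nil is taken to mean the Sealed Secrets service was not found; other lookup failures take the same path`. Separately, `cmd.Flag("insecure")` is dereferenced without a nil check, which is only safe if the flag is always registered on this command. The body of initiateInteractiveMode starts and ends outside the hunk.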
@@ -153,6 +153,24 @@ func EnterSealedSecretService(sealedSecretService *types.NamespacedName) string
 return strings.TrimSpace(sealedNs)
 }
 
+// SelectInsecureSecrets, prompts the UI to ask to generate unsealed secrets or not
+func SelectInsecureSecrets(err error) bool {
+ var insecure, msg string
+ if err != nil {
+ msg = "Do you want to use 1) unsealed secrets or 2) sealed secrets and provide the details of the Sealed Secrets Operator installation?"
+ } else {
+ msg = "You are able to seal secrets. Select Sealed to continue or Unsealed to generate unsealed secrets, which is not recommended."
+ }
+ prompt := &survey.Select{
+ Message: msg,
+ Help: "WARNING: Deploying the GitOps configuration without encrypting secrets is insecure and is not recommended",
+ Options: []string{"Sealed", "Unsealed"},
+ Default: "Sealed",
+ }
+ handleError(survey.AskOne(prompt, &insecure, survey.Required))
+ return insecure == "Unsealed"
+}
+
 // EnterGitHostAccessToken , it becomes necessary to add the personal access
 // token to access upstream git hosts.
 func EnterGitHostAccessToken(serviceRepo string) string {
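Review bot: The only caution about storing secrets unencrypted sits in `Help`, which survey (as far as I know) displays only when the user asks for help, and the `err != nil` message carries no caution at all. That message also numbers unsealed as "1)" while `Options` lists "Sealed" first and shows no numbers. I would put the warning in the message for both branches, for example `msg = "Sealed Secrets Operator was not detected. Select Sealed to provide its installation details, or Unsealed to generate unencrypted secrets (not recommended)."`. The doc comment would read better as `// SelectInsecureSecrets asks whether to generate sealed or unsealed secrets and reports whether Unsealed was chosen.`, and since `err` is used only as a yes/no signal, a `bool` parameter would make the contract clearer.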