improve UX in key:rotate command

paulbalandan · paulbalandan · commit 64e98b06c41f · 2026-05-10T04:05:51.000+08:00
diff --git a/system/Commands/Encryption/RotateKey.php b/system/Commands/Encryption/RotateKey.php
@@ -103,12 +103,13 @@ protected function execute(array $arguments, array $options): int
 
         if ($options['force'] === false) {
             if ($this->isInteractive()) {
-                CLI::error('Key rotation cancelled.');
-            } else {
-                CLI::error('Key rotation aborted.');
-                CLI::error('If you want, use the "--force" option to force the rotation.');
+                CLI::write('Key rotation cancelled.', 'yellow');
+
+                return EXIT_SUCCESS;
             }
 
+            CLI::error('Key rotation aborted: pass --force to rotate the encryption key in non-interactive mode.');
+
             return EXIT_ERROR;
         }
 
@@ -133,8 +134,13 @@ protected function execute(array $arguments, array $options): int
         // Write previousKeys first. If the subsequent `key:generate` call fails,
         // the worst case is a stale-but-still-decryptable `.env` (the rotated-out
         // key is preserved on disk).
-        if (! $this->writePreviousKeys($previousKeys)) {
-            CLI::error('Error in writing `encryption.previousKeys` to `.env` file.');
+        $envFile = ((new Paths())->envDirectory ?? ROOTPATH) . '.env'; // @phpstan-ignore nullCoalesce.property
+        $envFile = realpath($envFile);
+
+        assert(is_string($envFile));
+
+        if (! $this->writePreviousKeys($previousKeys, $envFile)) {
+            CLI::error(sprintf('Failed to write `encryption.previousKeys` to %s.', $envFile));
 
             return EXIT_ERROR;
         }
@@ -225,10 +231,8 @@ private function mergePreviousKeys(string $currentKey, array $existing, int $kee
      *
      * @param list<string> $previousKeys
      */
-    private function writePreviousKeys(array $previousKeys): bool
+    private function writePreviousKeys(array $previousKeys, string $envFile): bool
     {
-        $envFile = ((new Paths())->envDirectory ?? ROOTPATH) . '.env'; // @phpstan-ignore nullCoalesce.property
-
         if (! is_file($envFile)) {
             return false; // @codeCoverageIgnore
         }
@@ -259,11 +263,9 @@ private function writePreviousKeys(array $previousKeys): bool
         );
 
         if ($injected === $contents) {
-            // @codeCoverageIgnoreStart
             // Fallback: append to the end. Shouldn't trigger because `key:generate`
             // writes the `encryption.key` line just before this method runs.
-            $injected = $contents . "\nencryption.previousKeys = {$value}";
-            // @codeCoverageIgnoreEnd
+            $injected = $contents . "\nencryption.previousKeys = {$value}"; // @codeCoverageIgnore
         }
 
         return file_put_contents($envFile, $injected) !== false;
diff --git a/tests/system/Commands/Encryption/RotateKeyTest.php b/tests/system/Commands/Encryption/RotateKeyTest.php
@@ -229,7 +229,7 @@ public function testRotateErrorsWhenNoCurrentKey(): void
         $this->assertStringNotContainsString('encryption.previousKeys', (string) file_get_contents($this->envPath));
     }
 
-    public function testRotateAbortsWhenOverwritePromptIsDeclined(): void
+    public function testRotateCancelsWhenOverwritePromptIsDeclined(): void
     {
         $this->seedEnv(self::SEED_KEY);
 
@@ -274,7 +274,7 @@ public function testRotateOverwritesWhenOverwritePromptIsConfirmed(): void
         $this->assertSame(self::SEED_KEY, env('encryption.previousKeys'));
     }
 
-    public function testRotateAbortsNonInteractivelyAndHintsAboutForceFlag(): void
+    public function testRotateAbortsNonInteractively(): void
     {
         $this->seedEnv(self::SEED_KEY);
 
@@ -283,8 +283,7 @@ public function testRotateAbortsNonInteractivelyAndHintsAboutForceFlag(): void
         $this->assertSame(
             <<<'EOT'
 
-                Key rotation aborted.
-                If you want, use the "--force" option to force the rotation.
+                Key rotation aborted: pass --force to rotate the encryption key in non-interactive mode.
 
                 EOT,
             $this->getUndecoratedBuffer(),
@@ -525,11 +524,14 @@ public function testRotateErrorsWhenEnvFileIsNotWritable(): void
             command('key:rotate --force');
 
             $this->assertSame(
-                <<<'EOT'
+                sprintf(
+                    <<<'EOT'
 
-                    Error in writing `encryption.previousKeys` to `.env` file.
+                        Failed to write `encryption.previousKeys` to %s.
 
-                    EOT,
+                        EOT,
+                    $this->envPath,
+                ),
                 $this->getUndecoratedBuffer(),
             );
             $this->assertSame(self::SEED_KEY, env('encryption.key'));
