This repository has been archived by the owner on Feb 16, 2023. It is now read-only.
Add secrethub import dotenv command
#337
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hculea
changed the title
secrethub import commandsecrethub import dot-env command
This is also how the dotenv project is called, a.o. on npm: https://www.npmjs.com/package/dotenv
- Ommitting "the" shortens the description. A more concise help-text is easier to browse and read. - For the user, the effect of the command is more important than the implementation. Therefore, I've replaced "write" with "store". - I've changed "path" to "path to a directory on SecretHub" to be more specific and make sure there's no confusion with the local filesystem path or the secret paths themselves.
For those who want more control, they can use the default $EDITOR environment variable.
- When no edits are made to the paths on SecretHub on which the
secrets are imported, --secrets-dir can provision the secrets
and no secrethub.env file is necessary.
- The current generated secrethub.env file is incorrect (it uses
secrethub://, while a secrethub.env file uses {{ path/to/secret }}
- Sometimes, it may be preferred to use secret reference syntax
in environment variables of the orchestrator instead.
Therefore, we leave provisioning as a separate next step to the
import for now. We may be adding further support for a full migration
to this command later.
The openEditor function is now solely focussed on editing a given string value by the user. All logic concerning the mapping of environment variables to secret paths is extracted.
This adds a random suffix to the file
By defering the removal, it's also called when any error in the function causes the function to return before the old removal call was reached.
Previously, the mapping between envvar keys and paths to where the values of these envvars should be stored on SecretHub was defined twice: once for interactive mode and once for non-interactive mode. This commit refactors the code to use a single definition for both modes. This is intended to improve maintainability of the code and to ensure the default mapping of the interactive mode is the same as the mapping used in non-interactive mode.
It's now separate from the locations mapping
Previously, when envvar keys would be removed, renamed or added in the interactive mode, the command would panic. Now, removed envvars are skipped and for unknown (renamed or added) envvars an error is returned.
SimonBarendse
changed the title
secrethub import dot-env commandsecrethub import dotenv command
import dotenv now detects shared prefixes of environment variables and suggests to group these variables in a directory on SecretHub.
Before, one scanner.Scan() was hardcoded to skip the first line which explained the prompt. Now, the parser instead recognizes comment lines (starting with #) and skips those. This has the effect that the comment line can be safely removed by the user without affecting the result. And also the user can add more comment lines or comment out lines to ignore them. One more internal benefit is that we don't have a hardcoded dependency between the buildFile and buildMap functions sharing a dependency on how many lines the comment line is.
Before, the user could add an extra "=>" in the prompt and everything following that would be ignored. Now, all after the first "=>" is used as the path. The secret read will validate the secret path and throw an error in case the path contains "=>", as that's not allowed in a secret path. So, this commit changes an ignore and continue into an error case.
This prevents loading all contents in memory at the same time. It removes an unnecessary switch from io.Reader to string and back to io.Reader. It gives the helper functions more control, for example, the buildFile function can now use a tabwriter instead (to be added in a following commit).
Now all "=>" and SecretHub paths are aligned, improving readability
Instead of prompting the user to confirm to overwrite a single secret at once, instead list all secrets which will be overwritten immediately, and just ask once whether to overwrite all these secrets.
…owed A path to the root of a repository is also an acceptable argument for the dir-path in dotenv import.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This command will allow .env files to be imported to SecretHub.