lib/seira/secrets.rb in seira-0.1.5 vs lib/seira/secrets.rb in seira-0.1.6
- old
+ new
@@ -6,11 +6,11 @@
# seira demo tracking secret unset DISABLE_SOME_FEATURE
# seira staging importer secret list
# TODO: Can we avoid writing to disk completely and instead pipe in raw json?
module Seira
class Secrets
- VALID_ACTIONS = %w[help get set unset list list-decoded create-pgbouncer-secret].freeze
+ VALID_ACTIONS = %w[help get set unset list list-decoded].freeze
PGBOUNCER_SECRETS_NAME = 'pgbouncer-secrets'.freeze
SUMMARY = "Manage your application's secrets and environment variables.".freeze
attr_reader :app, :action, :args, :context
@@ -63,19 +63,27 @@
"#{app}-secrets"
end
def get(key)
secrets = fetch_current_secrets
- Base64.decode64(secrets['data'][key])
+ encoded_value = secrets.dig('data', key)
+ encoded_value.nil? ? nil : Base64.decode64(encoded_value)
end
private
def run_help
puts SUMMARY
puts "\n\n"
- puts "TODO"
+ puts "Possible actions:\n\n"
+ puts "get: fetch the value of a secret: `secrets get PASSWORD`"
+ puts "set: set one or more secret values: `secrets set USERNAME=admin PASSWORD=asdf`"
+ puts " to specify a value with spaces: `secrets set LIPSUM=\"Lorem ipsum\"`"
+ puts " to specify a value with newlines: `secrets set RSA_KEY=\"$(cat key.pem)\"`"
+ puts "unset: remove a secret: `secrets unset PASSWORD`"
+ puts "list: list all secret keys and values"
+ puts "list: list all secret keys and values, and decode from base64"
end
def validate_single_key
if key.nil? || key.strip == ""
puts "Please specify a key in all caps and with underscores"
@@ -89,10 +97,15 @@
exit(1)
end
end
def run_get
- puts "#{key}: #{get(key)}"
+ value = get(key)
+ if value.nil?
+ puts "Secret '#{key}' not found"
+ else
+ puts "#{key}: #{value}"
+ end
end
def run_set
secrets = fetch_current_secrets
secrets['data'].merge!(key_value_map.transform_values { |value| Base64.strict_encode64(value) })