feat(secrets): add secrets to system properties

[DanielHougaard]

This PR adds support for setting secrets retrieved by ListSecrets, to the system properties, making them accessible through System.getProperty(secretKey)`.

Ideally we'd want it to be accessible on os.Getenv(), but in Java the environment is immutable, so this isn't possible for our SDK. If we had built more framework-targeted SDK's (like a specific springboot SDK), we could've achieved this. But our SDK is general-purpose, so we can't narrow it down to certain framework implementations.

Summary by CodeRabbit

• New Features

  • Enhanced secret management by introducing an option to automatically expose retrieved secrets as system properties.

• Documentation

  • Updated API usage examples and parameter descriptions to reflect the new secret management option.

• Chores

  • Refined build pipeline processes and updated ignore rules for cleaner repository management.

[coderabbitai]

Walkthrough

This pull request updates the GitHub Actions workflow to use a newer version of the artifact upload action, modifies the .gitignore file by adding .idea and .DS_Store, and extends the ListSecrets method across documentation, source code, and tests by adding a new boolean parameter. The extra parameter enables setting secrets as system properties when enabled, and the corresponding documentation and test cases have been updated accordingly.

Changes

Files	Change Summary
.github/workflows/test.yml	Updated actions/upload-artifact version from v3 to v4 in the test workflow.
.gitignore	Added entries for .idea and .DS_Store to ignore IDE and OS-specific files.
README.md, src/main/java/com/infisical/sdk/resources/SecretsClient.java, src/test/java/com/infisical/sdk/InfisicalSdkTest.java	Added Boolean setSecretsOnSystemProperties parameter to the ListSecrets method. Updated method signatures, documentation, and tests to conditionally set system properties based on retrieved secrets.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant SecretsClient
    participant System

    Client->>SecretsClient: call ListSecrets(..., setSecretsOnSystemProperties)
    alt setSecretsOnSystemProperties is true
        SecretsClient->>System: System.setProperty(secretKey, secretValue)
    end
    SecretsClient-->>Client: return List of secrets

Loading

Poem

I'm a bouncy bunny with hops so light,
Celebrating updates that feel just right.
New actions and secrets, all set in place,
Ignoring the clutter with a smile on my face.
Bugs and errors, now take a hike! 🐰
Code blooms bright—oh, what a delight!

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 938b953 and fa16211.

📒 Files selected for processing (1)

• src/main/java/com/infisical/sdk/resources/SecretsClient.java (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/main/java/com/infisical/sdk/resources/SecretsClient.java

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (2)

src/test/java/com/infisical/sdk/InfisicalSdkTest.java:34

• [nitpick] Consider adding a dedicated test case that calls ListSecrets with setSecretsOnSystemProperties set to true and verifies that the corresponding system properties are set as expected.

var secrets = sdk.Secrets().ListSecrets(envVars.getProjectId(), "dev", "/", false, false, false, false);

src/main/java/com/infisical/sdk/resources/SecretsClient.java:33

• [nitpick] It would be beneficial to include inline comments explaining the side effect of setting system properties for clarity and to ensure related functionality is covered by tests.

if (setSecretsOnSystemProperties) {

[coderabbitai]

Actionable comments posted: 3

🔭 Outside diff range comments (1)

src/main/java/com/infisical/sdk/resources/SecretsClient.java (1)

69-70: ⚠️ Potential issue

Fix potential bug in UpdateSecret method.

There appears to be a duplicated condition check with inconsistent property setting. Both lines check if newSecretName is not null, but one sets newSecretName and the other sets secretValue. The second line probably should check if newSecretValue is not null instead.

- if (newSecretName != null) inputBuilder.newSecretName(newSecretName);
- if (newSecretName != null) inputBuilder.secretValue(newSecretValue);
+ if (newSecretName != null) inputBuilder.newSecretName(newSecretName);
+ if (newSecretValue != null) inputBuilder.secretValue(newSecretValue);

🧹 Nitpick comments (1)

src/main/java/com/infisical/sdk/resources/SecretsClient.java (1)

91-91: Remove redundant check and assignment in CreateSecret method.

Line 91 unnecessarily sets the secret value that was already set on line 88 during the builder construction. If the intent is to handle empty strings differently, the check should happen before the initial builder setup.

- createSecretInput.setSecretValue(!secretValue.isEmpty() ? secretValue : "");

Or if there is a need to ensure empty strings are handled properly, move the check before the builder:

  var createSecretInput = CreateSecretInput.builder()
      .secretPath(secretPath)
      .projectId(projectId)
      .environmentSlug(environmentSlug)
-     .secretValue(secretValue)
+     .secretValue(!secretValue.isEmpty() ? secretValue : "")
      .build();

- createSecretInput.setSecretValue(!secretValue.isEmpty() ? secretValue : "");

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 188f1f1 and 938b953.

⛔ Files ignored due to path filters (1)

• .DS_Store is excluded by !**/.DS_Store

📒 Files selected for processing (5)

• .github/workflows/test.yml (1 hunks)
• .gitignore (1 hunks)
• README.md (3 hunks)
• src/main/java/com/infisical/sdk/resources/SecretsClient.java (2 hunks)
• src/test/java/com/infisical/sdk/InfisicalSdkTest.java (2 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

src/test/java/com/infisical/sdk/InfisicalSdkTest.java (4)

src/main/java/com/infisical/sdk/config/SdkConfig.java (1)

• SdkConfig (3-30)

src/test/java/com/infisical/sdk/util/EnvironmentVariables.java (1)

• EnvironmentVariables (6-44)

src/main/java/com/infisical/sdk/util/InfisicalException.java (1)

• InfisicalException (8-29)

src/test/java/com/infisical/sdk/util/RandomUtil.java (1)

• RandomUtil (6-21)

🔇 Additional comments (6)

.gitignore (1)

3-4: Good housekeeping additions.

Adding .idea (JetBrains IDE files) and .DS_Store (macOS system files) to the gitignore is a good practice that helps keep the repository clean.

.github/workflows/test.yml (1)

41-41: Good maintenance update.

Updating to the latest version (v4) of the upload-artifact GitHub Action follows good dependency management practices.

src/test/java/com/infisical/sdk/InfisicalSdkTest.java (1)

4-12: LGTM: Import reorganization.

The imports have been reorganized appropriately.

README.md (3)

117-119: Method signature updated correctly.

The ListSecrets method signature has been updated to include the new parameter.

---

132-133: Example usage is clear and well-documented.

The example usage now includes the new parameter with a descriptive comment explaining its purpose.

---

143-143: Parameter documentation is thorough.

The added parameter documentation clearly explains the purpose and behavior of the new setSecretsOnSystemProperties parameter.

[carlosmonastyrski]

LGTM!