Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

amber: init at 0.1.1 #138159

Merged
merged 3 commits into from
Sep 20, 2021
Merged

amber: init at 0.1.1 #138159

merged 3 commits into from
Sep 20, 2021

Conversation

psibi
Copy link
Member

@psibi psibi commented Sep 16, 2021

Motivation for this change

This tools allows for easily managing secrets in a repo. Tested it locally on a NixOS machine:

❯ amber
amber 0.1.1
Utility to store encrypted secrets in version trackable plain text files

USAGE:
    amber [FLAGS] [OPTIONS] <SUBCOMMAND>

FLAGS:
    -h, --help        Prints help information
        --unmasked    Disable masking of secret values during exec
    -v, --verbose     Turn on verbose output
    -V, --version     Prints version information

OPTIONS:
        --amber-yaml <amber-yaml>    amber.yaml file location [env: AMBER_YAML=] [default:
                                     amber.yaml]

SUBCOMMANDS:
    encrypt     Add or update a secret
    exec        Run a command with all of the secrets set as environment variables
    generate    Generate a new strong secret value, and add it to the repository
    help        Prints this message or the help of the given subcommand(s)
    init        Initialize a new directory
    print       Print all of the secrets
    remove      Remove a secret
Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • 21.11 Release Notes (or backporting 21.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Copy link
Member

@figsoda figsoda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

package is not added to all-packages.nix, also commit message should be amber-secret: init at 0.1.1

pkgs/tools/security/amber/default.nix Outdated Show resolved Hide resolved
Copy link
Member

@figsoda figsoda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe the file name should be amber-secret instead of amber? otherwise lgtm

@psibi
Copy link
Member Author

psibi commented Sep 17, 2021

Thanks @figsoda for the review!

maybe the file name should be amber-secret instead of amber?

I can change that if you feel strongly. But the reason I have kept it as amber is because:

  • amber is the name of the project
  • I'm using amber-secret because there is already another package named amber in the nixpkgs repo.

@figsoda
Copy link
Member

figsoda commented Sep 17, 2021

fair enough

@figsoda
Copy link
Member

figsoda commented Sep 18, 2021

darwin build failed, i think you need CoreFoundation and Security in buildInputs, inherited from darwin.apple_sdk.frameworks inside all-packages.nix

@figsoda
Copy link
Member

figsoda commented Sep 20, 2021

@ofborg build amber-secret

@figsoda
Copy link
Member

figsoda commented Sep 20, 2021

Result of nixpkgs-review pr 138159 run on x86_64-linux 1

1 package built:
  • amber-secret

@figsoda figsoda merged commit 23acc56 into NixOS:master Sep 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants