-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simply and clarify the secret fetching process #33
Conversation
SecretDefinitions, which contain relevant data around fetching a specified set of secrets. Added more tests to support functionality and improve coverage
@robison I updated the README to reflect these changes. |
|
||
// SecretFetcher inspects the environment for variables that | ||
// define secret definitions. The variables are used to guide | ||
// the SecretFetcher in acquring and outputting the specified secrets |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo
parallelReader.AsyncRequestKeyPath(secretPath) | ||
secretResult := parallelReader.ReadSecretResult() | ||
def := &SecretDefinition{ | ||
envkey: envKey, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: keep compound word vars camel case? envKey
continue | ||
} | ||
|
||
// look for a corresponding secretDestinationPrefix key. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we're going to say that case doesn't matter, I suggest making it not matter at all within the string. For example, this code currently only equates "SUFFIX" and "suffix".
If the case differs in a substring, e.g. "SUFFIX" and "SUFfix", this code wont match. I personally prefer vars to be truly case sensitive. But as it is, it's neither truly case sensitive nor insensitive.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like lines changed since my comment. I'll let you figure it out and whether you want to change it :)
|
||
--- | ||
|
||
**Plurar Secrets** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
l
This PR simplifies the secret fetching process with the introduction of
SecretDefinitions
, which contain relevant data around fetching a specified set of secrets.Externally, a Secret Definition is defined via:
VAULT_SECRET_THING=my/vault/path/to/a/key
either with a correspondingDAYTONA_SECRET_DESTINATION_THING=/path/to/output
or a-secret-env
argument. Please note that the suffix is no longer required to match the final key name in the vault path.Before this change, note that the suffix
THING
inVAULT_SECRET_THING
was required to match the key name of the vault path:This PR introduces arbitrary suffix identifiers:
Secret Definition Decoder Guide
VAULT_SECRET_
: Singular Secret Storage Path PrefixVAULT_SECRETS_
: Plural Secret Storage Path PrefixDAYTONA_SECRET_DESTINATION_
: Secret Destination PrefixsecretID-SUFFIX
: The unique secret identifier that can be used to tie a Secret Storage Path Prefix to a corresponding destination prefixSingular Secrets
VAULT_SECRET_<secretID-SUFFIX>=<SECRET-APEX>
DAYTONA_SECRET_DESTINATION_<secretID-SUFFIX>=<FILE-PATH>
This PR also now enables support for using Plural Secret Storage Path Prefixes
VAULT_SECRETS_<secretID-SUFFIX>
with Secret Destination PrefixesDAYTONA_SECRET_DESTINATION_
, which intended to deprecate the-secret-path
command line flag.Thank you @robison for authoring the additional tests.