feat: updates snaplet to ensure COPYCAT_SECRET #4

Merged
merged 1 commit into from
Aug 10, 2023

@Gowiem Gowiem commented Aug 10, 2023

Info

  • Updates snaplet:capture to ensure we have the COPYCAT_SECRET env var set before running that task. This is required as it is the encryption seed for copycat usage within Snaplet.
  • Updates our snaplet vars so they incorporate the SNAPSHOT_ENV var and fixes support for overriding their values.
  • Introduces the .env.taskit-secrets file which is used to store local secrets in a taskit repository that should not be checked into git. This is added to our gitignore script + the dotenv items of our Taskfile.dist.yaml so we now have a pattern for sharing secrets easily with taskit.

References

  • This is in conjunction with our work in another PR that will be up shortly and will be linked below.

@Gowiem Gowiem self-assigned this Aug 10, 2023
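
A pre-flight check for the pattern the PR description outlines, as an added example that is not part of this PR or of taskit's code: it confirms that the local secrets file cannot be picked up by git and that COPYCAT_SECRET has a non-empty value from either the environment or that file. The function names are hypothetical; only `.env.taskit-secrets` and `COPYCAT_SECRET` come from the PR.

```bash
#!/usr/bin/env bash
# Added example. Function names are hypothetical; only the file name
# .env.taskit-secrets and the variable COPYCAT_SECRET come from the PR.

# Succeed if KEY has a non-empty value in a dotenv file. The value itself is
# never printed, so the output of this check is safe to log.
dotenv_has_value() {
  local file="$1" key="$2" line value=""
  [ -r "$file" ] || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line#export }                  # tolerate "export KEY=value"
    case $line in
      "$key="*) value=${line#*=} ;;       # last assignment wins (assumption)
    esac
  done < "$file"
  value=${value#\"}; value=${value%\"}    # strip surrounding double quotes
  value=${value#\'}; value=${value%\'}    # strip surrounding single quotes
  [ -n "$value" ]
}

# Succeed if git ignores the file and it is not already in the index.
# Assumes the current directory is inside a git work tree.
secrets_file_untracked() {
  git check-ignore -q -- "$1" || return 1
  ! git ls-files --error-unmatch -- "$1" >/dev/null 2>&1
}

# Return 0 when a capture can proceed, 1 when COPYCAT_SECRET is missing,
# 2 when the secrets file exists but git could pick it up.
preflight() {
  local file="${1:-.env.taskit-secrets}"
  if [ -e "$file" ] && ! secrets_file_untracked "$file"; then
    echo "error: $file is tracked or not ignored by git" >&2
    return 2
  fi
  if [ -n "${COPYCAT_SECRET:-}" ] || dotenv_has_value "$file" COPYCAT_SECRET; then
    return 0
  fi
  echo "error: COPYCAT_SECRET is not set in the environment or in $file" >&2
  return 1
}
```

Source the file and run `preflight || exit 1` from the repository root before a capture.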

@kevcube kevcube left a comment

lgtm but not 100% sure about taskfile syntax

also wondering what is the COPYCAT_SECRET needed for?? Doesn't copycat just generate fake email/other PII? I hope they don't have an API that you have to pay to request bogus@bogus.com

Edit: I should read PR descriptions instead of just files changed

Comment on lines +18 to +21
# Load our project specific variables from .env.taskit + .env.taskit-secrets
dotenv:
- .env.taskit
- .env.taskit-secrets
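
Review bot: The comment on the first line of this hunk names both files but does not say that .env.taskit-secrets holds secrets, is optional, and must stay out of git, which is what someone adding a new secret most needs to know. Suggest spelling that out in the comment, and also stating which file is meant to win when the same key is defined in both .env.taskit and .env.taskit-secrets, since the list order is the only place that intent is recorded.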
Where is taskit/snaplet typically run? Can we pass these in a way other than .env files?

I'm wondering for 12-factor purposes, but it looks like taskfile is the one handling the .env import rather than us, so any 12-factor concerns are left on their plate, which I'm cool with

Member Author

We're typically running snaplet tasks in our client infra project where these files are either present or in the case of the taskit-secrets file it can be created easily if needed. If these files don't exist, task / taskit works as normal. They're purely optional and supplementary which works nicely if we are using taskit in a project that doesn't use the snaplet:* tasks.

internal: true
cmds:
- |
if [[ -z "{{.COPYCAT_SECRET}}" ]]; then
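
Review bot: In `if [[ -z "{{.COPYCAT_SECRET}}" ]]; then` the secret is substituted into the script text by the template before the shell runs it, so the value can appear wherever the rendered command is echoed or logged, and a value containing a double quote would change what the test parses. Suggest testing the shell variable instead, for example `[[ -z "${COPYCAT_SECRET:-}" ]]`, assuming the dotenv values are exported to the command's environment, so the task checks for presence without embedding the value in the command.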
this {{.name}} syntax is how you reference env variables in taskfile?

Gowiem commented Aug 10, 2023

also wondering what is the COPYCAT_SECRET needed for?? Doesn't copycat just generate fake email/other PII? I hope they don't have an API that you have to pay to request bogus@bogus.com

Copycat is a small open source project from the folks at Snaplet: https://github.com/snaplet/copycat. Without setting that env var, you get a message from snaplet on each capture run like this: https://share.cleanshot.com/lRy4J0nY. More info here: https://github.com/snaplet/copycat#working-with-pii-personal-identifiable-information

This work to ensure that env var is set is so that we just quiet down that warning AND provide a means by which we can easily pass secrets to taskit going forward. I could see this new pattern evolving in the future where we are passing a SOPS file and taskit is responsible for pulling all the secrets from that SOPS file given that the invoker has access to the key to decrypt. But that is a possible future if we need to build this out further; for now this is a fast path towards done and leaves us open to using it elsewhere.

Gowiem commented Aug 10, 2023

Edit: I should read PR descriptions instead of just files changed

@kevcube you know I love a good PR description ❤️

@Gowiem Gowiem merged commit 3b565f8 into main Aug 10, 2023
1 check passed
@Gowiem Gowiem deleted the feature/snaplet-updates branch August 10, 2023 18:15