feat: support filtering secrets by branch (#33)

netlify · Mar 9, 2022 · ccb1056 · ccb1056
1 parent 2d09ef8
commit ccb1056
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -64,7 +64,9 @@ package = "@netlify/plugin-secrets-manager"
 ## Context based secrets
 
 The plugin has support for context based secrets, to allow injecting AWS secrets only to builds with a specific deploy context.
-To configure the context for a secret, add a secret tag via AWS secrets manager with a name of `NETLIFY_CONTEXT` and value of `production`, `deploy-preview` or `branch-deploy`.
+To configure the context for a secret, add a secret tag via AWS secrets manager with a name of `NETLIFY_CONTEXT` and value of `production`, `deploy-preview`, `branch-deploy` or any branch name in your `git` repository.
+
+>To learn more about deploy contexts, visit [Netlify's documentation](https://docs.netlify.com/site-deploys/overview/#deploy-contexts)
 
 As a result, the plugin will inject the AWS secret only to builds with the matching deploy context.
 

diff --git a/src/main.js b/src/main.js
@@ -69,7 +69,9 @@ module.exports = {
       NETLIFY_AWS_SECRET_ACCESS_KEY: secretAccessKey,
       NETLIFY_AWS_DEFAULT_REGION: region = 'us-east-1',
       CONTEXT,
+      HEAD,
     } = process.env
+
     if (!accessKeyId) {
       return utils.build.failBuild(`Missing environment variable NETLIFY_AWS_ACCESS_KEY_ID`)
     }
@@ -95,12 +97,14 @@ module.exports = {
         return
       }
 
-      // inject only to matching context
-      if (CONTEXT === context) {
+      // inject only to matching context/branch
+      const matchedContext = CONTEXT === context
+      const matchedBranch = HEAD === context
+      if (matchedContext || matchedBranch) {
         console.log(
-          `${chalk.bold('Injecting AWS secret')} ${chalk.magenta(`${key}`)} as ${chalk.green(
-            prefixedKey,
-          )} to context ${chalk.yellow(context)}`,
+          `${chalk.bold('Injecting AWS secret')} ${chalk.magenta(`${key}`)} as ${chalk.green(prefixedKey)} to ${
+            matchedContext ? 'context' : 'branch'
+          } ${chalk.yellow(context)}`,
         )
         /* eslint-disable-next-line no-param-reassign */
         netlifyConfig.build.environment[prefixedKey] = value