Add bolt secret set command

CHANGELOG.md

@@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   **Infra** New `job-runner` crate responsible for managing the OCI bundle runtime & log shipping on the machine
 -   **Infra** Jobs now log an explicit rate message when logs are rate limited & truncated
 -   **Infra** `infra-artifacts` Terraform plan & S3 bucket used for automating building & uploading internal binaries, etc.
+-   **Bolt** `bolt secret set <path> <value>` command
 
 ### Changed
 

infra/tf/modules/write_secret/main.tf

@@ -0,0 +1,10 @@
+resource "null_resource" "example" {
+	triggers = var.triggers
+
+	provisioner "local-exec" {
+		# HACK: jsonencode is an imperfect encoding of strings to safe encoding in bash
+		command = "bolt secret set ${jsonencode(var.path)} ${jsonencode(var.value)}"
+	}
+}
+
+

infra/tf/modules/write_secret/vars.tf

@@ -0,0 +1,11 @@
+variable "triggers" {
+	type = map(string)
+}
+
+variable "path" {
+	type = string
+}
+
+variable "value" {
+	type = string
+}

lib/bolt/cli/Cargo.toml

@@ -11,6 +11,8 @@ bolt-core = { path = "../core" }
 chrono = "0.4"
 clap = { version = "4.3", features = ["derive", "env"] }
 duct = "0.13"
+rivet-term = { git = "https://github.com/rivet-gg/rivet-term.git", rev = "7cf60c225f00eb40d212cec673f09ac47d13d295" }
 serde_json = "1.0"
 tempfile = "3.2"
 tokio = { version = "1.29", features = ["full"] }
+toml_edit = "0.19.0"

lib/bolt/cli/src/commands/secret.rs

@@ -1,5 +1,6 @@
 use anyhow::*;
 use bolt_core::context::ProjectContext;
+use bolt_core::tasks::config::ConfigGenerator;
 use clap::{Parser, ValueEnum};
 use serde_json::json;
 
@@ -18,6 +19,12 @@ pub enum SubCommand {
 		#[clap(long, value_parser)]
 		format: Option<Format>,
 	},
+	Set {
+		#[clap(index = 1)]
+		path: String,
+		#[clap(index = 2)]
+		value: String,
+	},
 }
 
 impl SubCommand {
@@ -49,6 +56,14 @@ impl SubCommand {
 					Some(Format::Json) => println!("{}", json!({ "value": value })),
 				}
 			}
+			Self::Set { path, value } => {
+				let path = path.split("/").collect::<Vec<_>>();
+
+				let mut generator =
+					ConfigGenerator::new(rivet_term::terminal(), ctx.path(), ctx.ns_id()).await?;
+				generator.set_secret(&path, toml_edit::value(value)).await?;
+				generator.write().await?;
+			}
 		}
 
 		Ok(())

lib/bolt/core/src/tasks/config/generate.rs

@@ -23,7 +23,7 @@ const NS_CONFIG_COMMENT: &str = r#"# Documentation: doc/bolt/config/NAMESPACE.md
 "#;
 
 /// Helper for generating configs.
-struct ConfigGenerator {
+pub struct ConfigGenerator {
 	term: rivet_term::console::Term,
 
 	#[allow(unused)]
@@ -41,7 +41,7 @@ struct ConfigGenerator {
 }
 
 impl ConfigGenerator {
-	async fn new(
+	pub async fn new(
 		term: rivet_term::console::Term,
 		project_path: &Path,
 		ns_id: impl ToString,
@@ -80,7 +80,7 @@ impl ConfigGenerator {
 	}
 
 	// Writes the config to the respective files.
-	async fn write(&mut self) -> Result<()> {
+	pub async fn write(&mut self) -> Result<()> {
 		// Prepend comment
 		let mut ns_str = self.ns.to_string();
 		if self.is_new {
@@ -145,6 +145,13 @@ impl ConfigGenerator {
 	// 	Ok(())
 	// }
 
+	/// Sets & overrides a secret.
+	pub async fn set_secret(&mut self, path: &[&str], value: toml_edit::Item) -> Result<()> {
+		write_value(self.secrets.as_item_mut(), path, value);
+
+		Ok(())
+	}
+
 	/// Inserts a secret value if does not exist.
 	async fn generate_secret<Fut>(
 		&mut self,

lib/bolt/core/src/tasks/config/mod.rs

@@ -7,7 +7,7 @@ use crate::context;
 mod generate;
 mod generate_default_regions;
 
-pub use generate::generate;
+pub use generate::{generate, ConfigGenerator};
 pub use generate_default_regions::generate_default_regions;
 
 /// Updates the namespace in `Bolt.local.toml`.