Skip to content
This repository was archived by the owner on Feb 16, 2023. It is now read-only.

Commit 7815e07

Browse files
Marton6Marton6
committed
Implement substitution of os env vars with the 'secrethub://' prefix
1 parent a1e1fce commit 7815e07

1 file changed

Lines changed: 47 additions & 5 deletions

File tree

internals/secrethub/run.go

Lines changed: 47 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -110,6 +110,11 @@ func (cmd *RunCommand) Run() error {
110110
// Parse
111111
envSources := []EnvSource{}
112112

113+
osEnv, passthroughEnv := parseKeyValueStringsToMap(os.Environ())
114+
115+
osEnvSource := NewOsEnvSource(osEnv)
116+
envSources = append(envSources, osEnvSource)
117+
113118
// TODO: Validate the flags when parsing by implementing the Flag interface for EnvFlags.
114119
flagSource, err := NewEnvFlags(cmd.envar)
115120
if err != nil {
@@ -129,11 +134,6 @@ func (cmd *RunCommand) Run() error {
129134
}
130135
}
131136

132-
osEnv, passthroughEnv := parseKeyValueStringsToMap(os.Environ())
133-
if err != nil {
134-
return err
135-
}
136-
137137
if cmd.envFile != "" {
138138
templateVariableReader, err := newVariableReader(osEnv, cmd.templateVars)
139139
if err != nil {
@@ -422,6 +422,48 @@ func ReadEnvFile(filepath string, varReader tpl.VariableReader, parser tpl.Parse
422422
}, nil
423423
}
424424

425+
// OsEnv is an environment with secrets configured with the
426+
// secrethub:// syntax in the os environment variables.
427+
type OsEnv struct {
428+
envVars map[string]string
429+
}
430+
431+
// NewOsEnvSource returns an environment with secrets configured in the
432+
// os environment with the secrethub:// syntax.
433+
func NewOsEnvSource(osEnv map[string]string) *OsEnv {
434+
envVars := make(map[string]string)
435+
for key, value := range osEnv {
436+
if strings.HasPrefix(value, "secrethub://") {
437+
envVars[key] = strings.TrimPrefix(value, "secrethub://")
438+
}
439+
}
440+
return &OsEnv{
441+
envVars: envVars,
442+
}
443+
}
444+
445+
// Env returns a map of key value pairs with the secrets configured with the
446+
// secrethub:// syntax.
447+
func (env *OsEnv) Env(secrets map[string]string, _ tpl.SecretReader) (map[string]string, error) {
448+
envVarsWithSecrets := make(map[string]string)
449+
for key, path := range env.envVars {
450+
envVarsWithSecrets[key] = secrets[path]
451+
}
452+
return envVarsWithSecrets, nil
453+
}
454+
455+
// Secrets returns a slice of secrets used in the environment, namely the ones
456+
// configured with the secrethub:// syntax.
457+
func (env *OsEnv) Secrets() []string {
458+
secrets := make([]string, len(env.envVars))
459+
i := 0
460+
for _, path := range env.envVars {
461+
secrets[i] = path
462+
i++
463+
}
464+
return secrets
465+
}
466+
425467
// EnvFile contains an environment that is read from a file.
426468
type EnvFile struct {
427469
path string

0 commit comments

Comments
 (0)