add ability to dump secrets to dotenv or json
+80
+80
cmd/secrets.go
+80
cmd/secrets.go
···
1
1
package cmd
2
2
3
3
import (
4
+
"bytes"
5
+
"encoding/json"
4
6
"errors"
5
7
"fmt"
8
+
"io"
6
9
"os"
7
10
"os/exec"
8
11
"path/filepath"
9
12
13
+
"github.com/getsops/sops/v3/decrypt"
14
+
"github.com/joho/godotenv"
10
15
"github.com/pomdtr/smallweb/app"
11
16
"github.com/spf13/cobra"
12
17
)
···
14
19
func NewCmdSecrets() *cobra.Command {
15
20
var flags struct {
16
21
global bool
22
+
json bool
23
+
dotenv bool
17
24
updateKeys bool
18
25
}
19
26
···
78
85
79
86
if flags.global {
80
87
globalSecretsPath := filepath.Join(k.String("dir"), ".smallweb", "secrets.enc.env")
88
+
if flags.json {
89
+
return dumpAsJSON(os.Stdout, globalSecretsPath)
90
+
}
91
+
92
+
if flags.dotenv {
93
+
return dumpAsDotenv(os.Stdout, globalSecretsPath)
94
+
}
81
95
82
96
c := exec.Command("sops", globalSecretsPath)
83
97
c.Dir = k.String("dir")
···
99
113
100
114
if len(args) == 1 {
101
115
secretsPath := filepath.Join(k.String("dir"), args[0], "secrets.enc.env")
116
+
if flags.json {
117
+
return dumpAsJSON(os.Stdout, secretsPath)
118
+
}
119
+
120
+
if flags.dotenv {
121
+
return dumpAsDotenv(os.Stdout, secretsPath)
122
+
}
123
+
102
124
c := exec.Command("sops", secretsPath)
103
125
c.Dir = k.String("dir")
104
126
c.Stdin = os.Stdin
···
127
149
}
128
150
129
151
secretPath := filepath.Join(wd, "secrets.enc.env")
152
+
153
+
if flags.json {
154
+
return dumpAsJSON(os.Stdout, secretPath)
155
+
}
156
+
157
+
if flags.dotenv {
158
+
return dumpAsDotenv(os.Stdout, secretPath)
159
+
}
160
+
130
161
c := exec.Command("sops", secretPath)
131
162
c.Dir = k.String("dir")
132
163
c.Stdin = os.Stdin
···
143
174
144
175
cmd.Flags().BoolVarP(&flags.global, "global", "g", false, "Set global secrets")
145
176
cmd.Flags().BoolVar(&flags.updateKeys, "update-keys", false, "Update all keys")
177
+
cmd.Flags().BoolVar(&flags.json, "json", false, "Output as JSON")
178
+
cmd.Flags().BoolVar(&flags.dotenv, "dotenv", false, "Output as dotenv")
179
+
180
+
cmd.MarkFlagsMutuallyExclusive("json", "update-keys")
181
+
cmd.MarkFlagsMutuallyExclusive("dotenv", "update-keys")
182
+
cmd.MarkFlagsMutuallyExclusive("json", "dotenv")
146
183
147
184
return cmd
185
+
}
186
+
187
+
func dumpAsDotenv(w io.Writer, secretPath string) error {
188
+
secretBytes, err := os.ReadFile(secretPath)
189
+
if err != nil {
190
+
return fmt.Errorf("failed to read: %w", err)
191
+
}
192
+
193
+
dotenvBytes, err := decrypt.Data(secretBytes, "dotenv")
194
+
if err != nil {
195
+
return fmt.Errorf("failed to decrypt: %w", err)
196
+
}
197
+
198
+
if _, err := w.Write(dotenvBytes); err != nil {
199
+
return fmt.Errorf("failed to write: %w", err)
200
+
}
201
+
202
+
return nil
203
+
}
204
+
205
+
func dumpAsJSON(w io.Writer, secretPath string) error {
206
+
secretBytes, err := os.ReadFile(secretPath)
207
+
if err != nil {
208
+
return fmt.Errorf("failed to read: %w", err)
209
+
}
210
+
211
+
dotenvBytes, err := decrypt.Data(secretBytes, "dotenv")
212
+
if err != nil {
213
+
return fmt.Errorf("failed to decrypt: %w", err)
214
+
}
215
+
216
+
dotenv, err := godotenv.Parse(bytes.NewReader(dotenvBytes))
217
+
if err != nil {
218
+
return fmt.Errorf("failed to parse: %w", err)
219
+
}
220
+
221
+
encoder := json.NewEncoder(w)
222
+
encoder.SetIndent("", " ")
223
+
if err := encoder.Encode(dotenv); err != nil {
224
+
return fmt.Errorf("failed to encode: %w", err)
225
+
}
226
+
227
+
return nil
148
228
}
149
229
150
230
func checkSOPS() error {