Merge pull request #1439 from matthewbjones/feature/aliased-secrets
Adds the ability to alias/map secrets
This commit is contained in:
Donal McBreen
@@ -51,6 +51,30 @@ env:
|
|||||||
secret:
|
secret:
|
||||||
- DB_PASSWORD
|
- DB_PASSWORD
|
||||||
|
|
||||||
|
# Aliased secrets
|
||||||
|
#
|
||||||
|
# You can also alias secrets to other secrets using a `:` separator.
|
||||||
|
#
|
||||||
|
# This is useful when the ENV name is different from the secret name. For example, if you have two
|
||||||
|
# places where you need to define the ENV variable `DB_PASSWORD`, but the value is different depending
|
||||||
|
# on the context.
|
||||||
|
#
|
||||||
|
# ```shell
|
||||||
|
# SECRETS=$(kamal secrets fetch ...)
|
||||||
|
#
|
||||||
|
# MAIN_DB_PASSWORD=$(kamal secrets extract MAIN_DB_PASSWORD $SECRETS)
|
||||||
|
# SECONDARY_DB_PASSWORD=$(kamal secrets extract SECONDARY_DB_PASSWORD $SECRETS)
|
||||||
|
# ```
|
||||||
|
accessories:
|
||||||
|
main_db_accessory:
|
||||||
|
env:
|
||||||
|
secret:
|
||||||
|
- DB_PASSWORD:MAIN_DB_PASSWORD
|
||||||
|
secondary_db_accessory:
|
||||||
|
env:
|
||||||
|
secret:
|
||||||
|
- DB_PASSWORD:SECONDARY_DB_PASSWORD
|
||||||
|
|
||||||
# Tags
|
# Tags
|
||||||
#
|
#
|
||||||
# Tags are used to add extra env variables to specific hosts.
|
# Tags are used to add extra env variables to specific hosts.
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ class Kamal::Configuration::Env
|
|||||||
end
|
end
|
||||||
|
|
||||||
def secrets_io
|
def secrets_io
|
||||||
Kamal::EnvFile.new(secret_keys.to_h { |key| [ key, secrets[key] ] }).to_io
|
Kamal::EnvFile.new(secrets_hash).to_io
|
||||||
end
|
end
|
||||||
|
|
||||||
def merge(other)
|
def merge(other)
|
||||||
@@ -26,4 +26,12 @@ class Kamal::Configuration::Env
|
|||||||
config: { "clear" => clear.merge(other.clear), "secret" => secret_keys | other.secret_keys },
|
config: { "clear" => clear.merge(other.clear), "secret" => secret_keys | other.secret_keys },
|
||||||
secrets: secrets
|
secrets: secrets
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
def secrets_hash
|
||||||
|
secret_keys.to_h do |key|
|
||||||
|
key_name, key_aliased_to = key.split(":")
|
||||||
|
[ key_name, secrets[key_aliased_to || key_name] ]
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -48,6 +48,20 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "aliased secrets" do
|
||||||
|
with_test_secrets("secrets" => "ALIASED_PASSWORD=hello") do
|
||||||
|
config = {
|
||||||
|
"secret" => [ "PASSWORD:ALIASED_PASSWORD" ],
|
||||||
|
"clear" => {}
|
||||||
|
}
|
||||||
|
|
||||||
|
assert_config \
|
||||||
|
config: config,
|
||||||
|
clear: {},
|
||||||
|
secrets: { "PASSWORD" => "hello" }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
def assert_config(config:, clear: {}, secrets: {})
|
def assert_config(config:, clear: {}, secrets: {})
|
||||||
env = Kamal::Configuration::Env.new config: config, secrets: Kamal::Secrets.new
|
env = Kamal::Configuration::Env.new config: config, secrets: Kamal::Secrets.new
|
||||||
|
|||||||
Reference in New Issue
Block a user