make --account optional and pass Enpass vault in --from

Aleksandr Lossenko
2024-11-07 18:13:37 +01:00
parent c9dec8c79a
commit 79bc7584ca
3 changed files with 19 additions and 38 deletions


@@ -1,7 +1,7 @@
class Kamal::Cli::Secrets < Kamal::Cli::Base
desc "fetch [SECRETS...]", "Fetch secrets from a vault"
option :adapter, type: :string, aliases: "-a", required: true, desc: "Which vault adapter to use"
option :account, type: :string, required: true, desc: "The account identifier or username"
option :account, type: :string, required: false, desc: "The account identifier or username"
option :from, type: :string, required: false, desc: "A vault or folder to fetch the secrets from"
option :inline, type: :boolean, required: false, hidden: true
def fetch(*secrets)
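Review bot: Changing `option :account` to `required: false` relaxes the check for every adapter, not only Enpass, so an adapter that does need an account can now be invoked with the account set to nil. The body of `fetch` lies outside this hunk, so it is not visible whether a missing account is rejected before the adapter runs; if it is not, the failure will surface later, probably as an unhelpful error from the vault CLI. I would have the adapters that need an account validate it themselves with a clear message, and say so in the option text, e.g. `desc: "The account identifier or username (not needed by offline adapters such as enpass)"`.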


@@ -1,19 +1,24 @@
##
# Enpass is different from most password managers, in a way that it's offline. A path to a vault is treated as account.
# Enpass is different from most password managers, in a way that it's offline and doesn't need an account.
#
# Pass it like so: `kamal secrets fetch --adapter enpass --account /Users/YOUR_USERNAME/Library/Containers/in.sinew.Enpass-Desktop/Data/Documents/Vaults/primary --from MY_PROD_SERVER`
# Usage
#
# Fetch all password from FooBar item
# `kamal secrets fetch --adapter enpass --from /Users/YOUR_USERNAME/Library/Containers/in.sinew.Enpass-Desktop/Data/Documents/Vaults/primary FooBar`
#
# Fetch only DB_PASSWORD from FooBar item
# `kamal secrets fetch --adapter enpass --from /Users/YOUR_USERNAME/Library/Containers/in.sinew.Enpass-Desktop/Data/Documents/Vaults/primary FooBar/DB_PASSWORD`
class Kamal::Secrets::Adapters::Enpass < Kamal::Secrets::Adapters::Base
private
def login(account)
# There is no concept of session in enpass-cli
true
end
def fetch(secrets, account: nil, from:)
check_dependencies!
fetch_secrets(secrets, from)
end
def fetch_secrets(secrets, account:, session:)
private
def fetch_secrets(secrets, vault)
secrets_titles = fetch_secret_titles(secrets)
# Enpass outputs result as stderr, I did not find a way to stub backticks and output to stderr. Open3 did the job.
result = `enpass-cli -json -vault #{account.shellescape} show #{secrets.map(&:shellescape).join(" ")}`.strip
result = `enpass-cli -json -vault #{vault.shellescape} show #{secrets_titles.map(&:shellescape).join(" ")}`.strip
parse_result_and_take_secrets(result, secrets)
end
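Review bot: `fetch` hands `from` straight to `fetch_secrets`, but `--from` is declared `required: false` on the command, so a run without it presumably reaches `vault.shellescape` with nil and dies with a NoMethodError instead of a usable message; a guard at the top of `fetch` such as `raise ArgumentError, "enpass requires --from VAULT_PATH" if from.to_s.empty?` would cover that. The backtick call also never checks the exit status, so a failed or partial `enpass-cli` run is passed to `parse_result_and_take_secrets` as if it had succeeded; checking `$?.success?` after the call, or using `Open3.capture3` with an argument array (which also removes the shell and the need for `shellescape`), would make the fetch fail closed. The context comment above the call still refers to stderr and Open3 while the code uses backticks, which capture only stdout, so it should be reworded or dropped. The class continues past the end of this hunk.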