spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add secrets-common for shared secrets

Browse Source 
Add a shared secrets file used across all destinations. Useful for
things Github tokens or registry passwords.

The secrets are added to a new file called `secrets-common` to highlight
they are shared, and to avoid acciedentally inheriting a secret from the
`secrets` file to `secrets.destination`.
This commit is contained in:
Donal McBreen
2024-09-11 13:38:18 +01:00
parent c9946808b1
commit 9089c41f30
4 changed files with 15 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/kamal/secrets.rb
View File

@@ -1,19 +1,20 @@
require "dotenv"
class Kamal::Secrets
attr_reader :secrets_file
attr_reader :secrets_files
Kamal::Secrets::Dotenv::InlineCommandSubstitution.install!
def initialize(destination: nil)
@secrets_file = [ *(".kamal/secrets.#{destination}" if destination), ".kamal/secrets" ].find { |f| File.exist?(f) }
@secrets_files = \
[ ".kamal/secrets-common", ".kamal/secrets#{(".#{destination}" if destination)}" ].select { |f| File.exist?(f) }
end
def [](key)
secrets.fetch(key)
rescue KeyError
if secrets_file
raise Kamal::ConfigurationError, "Secret '#{key}' not found in #{secrets_file}"
if secrets_files
raise Kamal::ConfigurationError, "Secret '#{key}' not found in #{secrets_files.join(", ")}"
else
raise Kamal::ConfigurationError, "Secret '#{key}' not found, no secret files provided"
end
@@ -25,14 +26,8 @@ class Kamal::Secrets
private
def secrets
@secrets ||= parse_secrets
end
def parse_secrets
if secrets_file
::Dotenv.parse(secrets_file)
else
{}
@secrets ||= secrets_files.inject({}) do |secrets, secrets_file|
secrets.merge!(::Dotenv.parse(secrets_file))
end
end
end