Adds the ability to alias/map secrets

lib/kamal/configuration/docs/env.yml

@@ -51,6 +51,30 @@ env:
   secret:
     - DB_PASSWORD
 
+# Aliased secrets
+#
+# You can also alias secrets to other secrets using a `:` separator.
+#
+# This is useful when the ENV name is different from the secret name. For example, if you have two
+# places where you need to define the ENV variable `DB_PASSWORD`, but the value is different depending
+# on the context.
+#
+# ```shell
+# SECRETS=$(kamal secrets fetch ...)
+#
+# MAIN_DB_PASSWORD=$(kamal secrets extract MAIN_DB_PASSWORD $SECRETS)
+# SECONDARY_DB_PASSWORD=$(kamal secrets extract SECONDARY_DB_PASSWORD $SECRETS)
+# ```
+accessories:
+  main_db_accessory:
+    env:
+      secret:
+        - DB_PASSWORD:MAIN_DB_PASSWORD
+  secondary_db_accessory:
+    env:
+      secret:
+        - DB_PASSWORD:SECONDARY_DB_PASSWORD
+
 # Tags
 #
 # Tags are used to add extra env variables to specific hosts.

lib/kamal/configuration/env.rb

@@ -18,7 +18,7 @@ class Kamal::Configuration::Env
   end
 
   def secrets_io
-    Kamal::EnvFile.new(secret_keys.to_h { |key| [ key, secrets[key] ] }).to_io
+    Kamal::EnvFile.new(secrets_hash).to_io
   end
 
   def merge(other)
@@ -26,4 +26,12 @@ class Kamal::Configuration::Env
       config: { "clear" => clear.merge(other.clear), "secret" => secret_keys | other.secret_keys },
       secrets: secrets
   end
+
+  private
+    def secrets_hash
+      secret_keys.to_h do |key|
+        key_name, key_aliased_to = key.split(":")
+        [ key_name, secrets[key_aliased_to || key_name] ]
+      end
+    end
 end