spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adds the ability to alias/map secrets

Browse Source
This commit is contained in:
Matthew Jones
2025-03-02 09:27:50 -07:00
parent 62dfa45ee6
commit 973fa1a7ff
3 changed files with 47 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/kamal/configuration/docs/env.yml
View File

@@ -51,6 +51,30 @@ env:
secret: secret:
- DB_PASSWORD - DB_PASSWORD
# Aliased secrets
#
# You can also alias secrets to other secrets using a `:` separator.
#
# This is useful when the ENV name is different from the secret name. For example, if you have two
# places where you need to define the ENV variable `DB_PASSWORD`, but the value is different depending
# on the context.
#
# ```shell
# SECRETS=$(kamal secrets fetch ...)
#
# MAIN_DB_PASSWORD=$(kamal secrets extract MAIN_DB_PASSWORD $SECRETS)
# SECONDARY_DB_PASSWORD=$(kamal secrets extract SECONDARY_DB_PASSWORD $SECRETS)
# ```
accessories:
main_db_accessory:
env:
secret:
- DB_PASSWORD:MAIN_DB_PASSWORD
secondary_db_accessory:
env:
secret:
- DB_PASSWORD:SECONDARY_DB_PASSWORD
# Tags # Tags
# #
# Tags are used to add extra env variables to specific hosts. # Tags are used to add extra env variables to specific hosts.

10
lib/kamal/configuration/env.rb
View File

@@ -18,7 +18,7 @@ class Kamal::Configuration::Env
end end
def secrets_io def secrets_io
Kamal::EnvFile.new(secret_keys.to_h { |key| [ key, secrets[key] ] }).to_io Kamal::EnvFile.new(secrets_hash).to_io
end end
def merge(other) def merge(other)
@@ -26,4 +26,12 @@ class Kamal::Configuration::Env
config: { "clear" => clear.merge(other.clear), "secret" => secret_keys | other.secret_keys }, config: { "clear" => clear.merge(other.clear), "secret" => secret_keys | other.secret_keys },
secrets: secrets secrets: secrets
end end
private
def secrets_hash
secret_keys.to_h do |key|
key_name, key_aliased_to = key.split(":")
[ key_name, secrets[key_aliased_to || key_name] ]
end
end
end end

14
test/configuration/env_test.rb
View File

@@ -48,6 +48,20 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
end end
end end
test "aliased secrets" do
with_test_secrets("secrets" => "ALIASED_PASSWORD=hello") do
config = {
"secret" => [ "PASSWORD:ALIASED_PASSWORD" ],
"clear" => {}
}
assert_config \
config: config,
clear: {},
secrets: { "PASSWORD" => "hello" }
end
end
private private
def assert_config(config:, clear: {}, secrets: {}) def assert_config(config:, clear: {}, secrets: {})
env = Kamal::Configuration::Env.new config: config, secrets: Kamal::Secrets.new env = Kamal::Configuration::Env.new config: config, secrets: Kamal::Secrets.new