Add ability to alias secrets for tags

Aliasing for secrets was introduced in #1439, but only supported
"top-level" secrets. This adds support for aliasing/mapping secrets
for tags.
Camillo Visini
2025-03-22 12:07:22 +01:00
parent 58e23f9167
commit c1d8ce7f70
3 changed files with 42 additions and 7 deletions


@@ -65,6 +65,13 @@ env:
# MAIN_DB_PASSWORD=$(kamal secrets extract MAIN_DB_PASSWORD $SECRETS)
# SECONDARY_DB_PASSWORD=$(kamal secrets extract SECONDARY_DB_PASSWORD $SECRETS)
# ```
env:
secret:
- DB_PASSWORD:MAIN_DB_PASSWORD
tags:
secondary_db:
secret:
- DB_PASSWORD:SECONDARY_DB_PASSWORD
accessories:
main_db_accessory:
env:


@@ -1,7 +1,7 @@
class Kamal::Configuration::Env
include Kamal::Configuration::Validation
attr_reader :context, :secrets
attr_reader :context
attr_reader :clear, :secret_keys
delegate :argumentize, to: Kamal::Utils
@@ -11,27 +11,37 @@ class Kamal::Configuration::Env
@secret_keys = config.fetch("secret", [])
@context = context
validate! config, context: context, with: Kamal::Configuration::Validator::Env
@secret_map = build_secret_map(@secret_keys)
end
def clear_args
argumentize("--env", clear)
end
def secrets
@resolved_secrets ||= resolve_secrets
end
def secrets_io
Kamal::EnvFile.new(secrets_hash).to_io
Kamal::EnvFile.new(secrets).to_io
end
def merge(other)
self.class.new \
config: { "clear" => clear.merge(other.clear), "secret" => secret_keys | other.secret_keys },
secrets: secrets
secrets: @secrets
end
private
def secrets_hash
secret_keys.to_h do |key|
key_name, key_aliased_to = key.split(":")
[ key_name, secrets[key_aliased_to || key_name] ]
def build_secret_map(secret_keys)
Array(secret_keys).to_h do |key|
key_name, key_aliased_to = key.split(":", 2)
key_aliased_to ||= key_name
[ key_name, key_aliased_to ]
end
end
def resolve_secrets
@secret_map.transform_values { |secret_key| @secrets[secret_key] }
end
end
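Review bot: In `merge`, `secret_keys | other.secret_keys` unions the raw `NAME:ALIAS` strings, so the alias that wins for a name depends only on array position once `build_secret_map` runs `to_h` (the last entry for a name wins). Because `|` keeps the first occurrence of a duplicate string, a later env that re-declares an entry already present earlier in the chain does not move to the end; if envs are merged in sequence (base, role, tags — the callers are not visible here), a tag could resolve to a different secret than the one it names. Since this decides which credential is written into which container's env file, I would merge by variable name instead, e.g. `"secret" => (secret_keys + other.secret_keys).to_h { |k| [ k.split(":", 2).first, k ] }.values`, and add a test for a tag overriding an already-aliased name. The constructor this section edits starts outside the hunk, so the `@secrets` assignment that `merge` and `resolve_secrets` now rely on could not be checked from here.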