
Proposal: Add ability to specify environment for secrets  #24

@chrisjsimpson

Description


For example, user story: As a user I can specify an environment name of my choosing whilst storing a secret, perhaps with a default. When accessing a secret, the default environment is used.

e.g. Interface

(base) (environment)$ ./amber --verbose encrypt 
error: The following required arguments were not provided:
    <ENVIRONMENT>
    <KEY>

USAGE:
    amber encrypt [OPTIONS] <ENVIRONMENT> <KEY> [VALUE]

For more information try --help
(base) (environment)$ ./amber --verbose encrypt staging API_KEY secret
[2022-01-01T22:16:45Z DEBUG amber] Cmd { opt: Opt { verbose: true, amber_yaml: None, unmasked: false }, sub: Encrypt { environment: "staging", key: "API_KEY", value: Some("secret") } }
[2022-01-01T22:16:45Z DEBUG amber::cli] Checking if file "amber.yaml" exists
[2022-01-01T22:16:45Z INFO  amber::config] New value matches old value, doing nothing
(base) (environment)$ 

Possible structure: (Note the addition of "environment")

---
file_format_version: 2
public_key: 7801a1206e8e339c396a990bdd758dcccce9d1e8846b3a08b8329d3925adf801
secrets:
  - name: API_KEY
    environment: staging
    sha256: 2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b
    cipher: 104b00746ab5a029ee6c693e33d6cee116163b695d5ed685e1e8428984f5105012e3741ec89d4e944c4f02209762f11f69f6eed17be7
  - name: API_KEY
    environment: production
    sha256: 2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b
    cipher: 104b00746ab5a029ee6c693e33d6cee116163b695d5ed685e1e8428984f5105012e3741ec89d4e944c4f02209762f11f69f6eed17be7

Motivations

  • Secrets may change between environments (e.g. testing, staging, etc.)
  • Whilst it is possible to manage different environment secrets with amber (potentially by managing amber.yaml in a different repo per environment), this undermines the goal to track the changes in values over time.

Considerations

  • To store environment name per secret, not elsewhere
  • Provide a default environment name, or none
  • This would/could be a breaking change to the file format so may require a bump of FILE_FORMAT_VERSION

I've coded an initial attempt at this to demonstrate the idea and will push, though a complete implementation is missing since I'm new to Rust. I specifically got stuck at:

.map(|(key, value)| SecretRaw {

after altering SecretRaw structure to include environment.

I hope the code tempts someone or someone can point me in a better direction.
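As an added example (not code from the amber project or from this issue), here is a sketch of how a (name, environment) key could flow through the structures the proposal touches: building `SecretRaw` records for one environment in the `.map(...)` step, resolving a lookup with a default-environment fallback, and making the "new value matches old value" check compare per environment. The field layout, the default environment name and the `key -> (sha256, cipher)` map shape are assumptions, and the sample values are constructed.

```rust
use std::collections::BTreeMap;

/// Proposed v2 record, one per (name, environment) pair; layout assumed from the issue's sketch.
#[derive(Debug, Clone)]
pub struct SecretRaw {
    pub name: String,
    pub environment: String,
    pub sha256: String,
    pub cipher: String,
}
/// Environment used when the CLI gives none (assumed name).
pub const DEFAULT_ENVIRONMENT: &str = "default";

#[derive(Debug, PartialEq)]
pub enum Outcome { Unchanged, Updated, Added }

/// Build records for one environment from in-memory (key -> (sha256, cipher)) entries.
/// The closure borrows `environment` and copies it into each record: the `.map(|(key, value)| SecretRaw {..})` step.
pub fn to_secret_raws(environment: &str, secrets: &BTreeMap<String, (String, String)>) -> Vec<SecretRaw> {
    secrets.iter().map(|(key, (sha256, cipher))| SecretRaw {
        name: key.clone(),
        environment: environment.to_string(),
        sha256: sha256.clone(),
        cipher: cipher.clone(),
    }).collect()
}

/// Resolve a secret by name for an environment, falling back to the default environment.
pub fn lookup<'a>(secrets: &'a [SecretRaw], name: &str, env: Option<&str>) -> Option<&'a SecretRaw> {
    let wanted = env.unwrap_or(DEFAULT_ENVIRONMENT);
    secrets.iter().find(|s| s.name == name && s.environment == wanted)
        .or_else(|| secrets.iter().find(|s| s.name == name && s.environment == DEFAULT_ENVIRONMENT))
}

/// Insert or replace by (name, environment): the "new value matches old value" check must
/// compare against the entry for the same environment, not any entry with that name.
pub fn upsert(secrets: &mut Vec<SecretRaw>, new: SecretRaw) -> Outcome {
    match secrets.iter_mut().find(|s| s.name == new.name && s.environment == new.environment) {
        Some(existing) if existing.sha256 == new.sha256 => Outcome::Unchanged,
        Some(existing) => { *existing = new; Outcome::Updated }
        None => { secrets.push(new); Outcome::Added }
    }
}

fn main() {
    // Constructed sample: one staging value for API_KEY, then a different production value.
    let staging = BTreeMap::from([("API_KEY".to_string(), ("sha-a".to_string(), "cipher-a".to_string()))]);
    let mut secrets = to_secret_raws("staging", &staging);
    let prod = SecretRaw { name: "API_KEY".into(), environment: "production".into(), sha256: "sha-b".into(), cipher: "cipher-b".into() };
    println!("{:?} {:?}", upsert(&mut secrets, prod), lookup(&secrets, "API_KEY", Some("production")).map(|s| &s.cipher));
}
```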
