feat: Add support for HCP Vault Secrets #3067
I’m playing with
```
$ vlt secrets get --format json test_secret | jq . | pbcopy
{
  "created_at": "2023-06-28T01:55:18.686Z",
  "created_by": {
    "email": "[REDACTED]",
    "name": "Austin Ziegler",
    "type": "TYPE_USER"
  },
  "latest_version": "2",
  "name": "test_secret",
  "version": {
    "created_at": "2023-06-28T01:56:11.053Z",
    "created_by": {
      "email": "[REDACTED]",
      "name": "Austin Ziegler",
      "type": "TYPE_USER"
    },
    "type": "kv",
    "version": "2"
  }
}
$ vlt secrets get --plaintext --format json test_secret | jq .
{
  "created_at": "2023-06-28T01:55:18.686Z",
  "created_by": {
    "email": "[email protected]",
    "name": "Austin Ziegler",
    "type": "TYPE_USER"
  },
  "latest_version": "2",
  "name": "test_secret"
}
$ vlt secrets get --plaintext test_secret
real-test-value
```
Another thought: Unfortunately, it looks like chezmoi never changes
```
$ go run . execute-template '{{ hcpVaultSecrets "test_secret" }}'
chezmoi: template: arg1:1:3: executing "arg1" at <hcpVaultSecrets "test_secret">: error calling hcpVaultSecrets: /opt/homebrew/bin/vlt secrets get --plaintext test_secret: exit status 1
Error: organization ID must be set via `vlt config init` or passed in
exit status 1
$ go run . execute-template '{{ output "pwd" }}'
/Users/austin/dev/oss/forks/chezmoi
```
(I currently have
I’ve provided feedback with feature requests linking back to this draft PR:
(This last would make it so that chezmoi could check for
@halostatue thank you for providing your feedback! Would you be up for a conversation to make sure we understand the improvements request & correspondingly do the work to fix it? My calendar in case you'd be up for it.
Thanks very much for testing @halostatue! I've updated the PR with a few changes based on your work and feedback:
@kartiklunkad26 I've booked 30 minutes with you next Friday.
@arrrgi do you have any input on this?
Thanks for the invite to review progress @twpayne If I'm to understand the WIP so far:
What I wasn't able to follow was the link to the .vlt.json file as I'm unsure where that fits into the usage pattern. Is that a file that needs to be checked into the local repo with Chezmoi to ensure portability?
I think there is also an undocumented assumption that before this works, you need to have installed the
In a headless environment, will Chezmoi support the convention of respecting variables defined before the
Other than my couple of knowledge gap questions, it's a great implementation @twpayne and @halostatue !! Love it!
@kartiklunkad26 thanks also for supporting the Chezmoi community's feedback and requests. Sorry I didn't reach out to you directly as I consider myself a hobbyist consumer, not your usual mid-market/Ent. customer :)
Thanks for taking a look! A couple of answers:
I don't think you need a
This is correct. You have to install the
Yes, chezmoi passes its environment on to subcommands (like
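Added example, not part of the PR thread and not chezmoi's own code: a Go sketch of the pattern discussed above, running a secrets CLI as a child process that inherits the parent's environment and reporting only the command line and stderr on failure. The names `secretOutput` and `DEMO_SECRET`, and the `sh` one-liner standing in for the real CLI, are assumptions made for the demonstration.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// secretOutput (hypothetical helper) runs a secret-fetching CLI and returns
// its stdout with the trailing newline removed. Nothing here is vlt-specific.
func secretOutput(name string, args ...string) (string, error) {
	cmd := exec.Command(name, args...)
	// cmd.Env is left nil, so the child inherits this process's environment:
	// variables exported before the parent started reach the CLI unchanged.
	var stdout, stderr bytes.Buffer
	cmd.Stdout = &stdout
	cmd.Stderr = &stderr
	if err := cmd.Run(); err != nil {
		// Report the command line and stderr only. stdout may hold secret
		// material and must not end up in error strings or logs.
		return "", fmt.Errorf("%s %s: %w: %s", name, strings.Join(args, " "),
			err, strings.TrimSpace(stderr.String()))
	}
	return strings.TrimRight(stdout.String(), "\r\n"), nil
}

func main() {
	// Constructed stand-in for the real CLI: a shell one-liner that prints a
	// variable taken from the inherited environment.
	os.Setenv("DEMO_SECRET", "real-test-value")
	v, err := secretOutput("sh", "-c", `printf '%s\n' "$DEMO_SECRET"`)
	fmt.Printf("%q %v\n", v, err)

	// Failure path: stdout is discarded, stderr is surfaced in the error.
	_, err = secretOutput("sh", "-c",
		`echo "$DEMO_SECRET"; echo "Error: not configured" >&2; exit 1`)
	fmt.Println(err)
}
```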
Our intent with Vault Secrets is to make it valuable for hobbyist consumers and SMB organizations, so your use-case is very much our focus! Nevertheless, let me know if you have other feedback points that you'd like to see improve in the product.
This is now ready for review. Thank you @arrrgi for the initial input and thank you @halostatue for the thorough investigation. @kartiklunkad26 if you would be able to review the documentation, that would be fantastic.
@kartiklunkad26 I'd like to do a new release of chezmoi by the end of this week. If you could review the docs by Thursday evening your time, that would be awesome.
@twpayne Hey Tom. Sorry I could only get to this now. I'll review it today and leave any comments.
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [chezmoi](https://togithub.com/twpayne/chezmoi) | minor | `2.34.3` -> `2.35.0` |

---

### Release Notes

<details>
<summary>twpayne/chezmoi (chezmoi)</summary>

### [`v2.35.0`](https://togithub.com/twpayne/chezmoi/releases/tag/v2.35.0)

[Compare Source](https://togithub.com/twpayne/chezmoi/compare/v2.34.3...v2.35.0)

##### What's Changed

- feat: Add archive-file externals by [@twpayne](https://togithub.com/twpayne) in [https://github.com/twpayne/chezmoi/pull/3080](https://togithub.com/twpayne/chezmoi/pull/3080)
- fix: Never consider localhost.localdomain in /etc/hosts as the FQDN by [@twpayne](https://togithub.com/twpayne) in [https://github.com/twpayne/chezmoi/pull/3082](https://togithub.com/twpayne/chezmoi/pull/3082)
- chore: Miscellaneous fixes by [@twpayne](https://togithub.com/twpayne) in [https://github.com/twpayne/chezmoi/pull/3091](https://togithub.com/twpayne/chezmoi/pull/3091)
- chore: Use golang/govulncheck-action by [@twpayne](https://togithub.com/twpayne) in [https://github.com/twpayne/chezmoi/pull/3094](https://togithub.com/twpayne/chezmoi/pull/3094)
- feat: Add support for HCP Vault Secrets by [@twpayne](https://togithub.com/twpayne) in [https://github.com/twpayne/chezmoi/pull/3067](https://togithub.com/twpayne/chezmoi/pull/3067)
- chore: Use Goreleaser's WinGet support by [@twpayne](https://togithub.com/twpayne) in [https://github.com/twpayne/chezmoi/pull/3059](https://togithub.com/twpayne/chezmoi/pull/3059)

**Full Changelog**: twpayne/chezmoi@v2.34.3...v2.35.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
Fixes #3061.
WIP. Not ready for review or merge yet.