Map all secrets from directory to environment variables #286
Comments
Hi there, How does this work if you were to reference
Regards,
Hi Mark, My current proposal would indeed be that using
Is that what you'd expect?
That's a pretty cool idea to map subordinate directories as the prefix for the environment variable. The example I would give is where I would store secrets required for Terraform to deploy into Azure in
would map to:
This would work well in that case. Gives us flexibility. Looks good :) Regards,
When a project has a secrethub.env file, there are advantages of visibility and explicitness (maybe it's the same) about which env-vars are used. It's a single source of truth for the secrets that are being used in the project. When developing in a project that makes use of this feature, I can't know whether an env-var that is being used is a secret or not. A possible response can be:
What do you guys think?
Hi @stavalfi , yes, we welcome any input from the community! This feature is indeed meant to be used instead of a Note however, that we will still be supporting So, if you prefer the As you also noted, this I imagine the preference and trade-offs between both methods to vary between projects and processes, which is why we aim to support both and leave it up to you to pick the solution that best fits your use. You mentioned using both secrets and non-secrets in the environment. We've seen many users store both of these in SecretHub. You can also store values in SecretHub that are not secret. We might add features later which make it possible to differentiate between these two types of values stored in SecretHub (e.g. no masking, other access levels etc.) but this is not something we've currently planned. However, please use the current set of features as you see fit, including storing other values than secrets. You mentioned a user without read permissions not being able to see what secrets will be used when the
I'm not sure I quite understand what you mean. Do you mean to call SecretHub directly from your code? Could you please elaborate on this a bit? Maybe an example can help?
The roadmap sounds very cool! Thanks for the great answer :)
This has been merged in #299 and will be included in the next release
This has been released in v0.41.0
Currently, a `secrethub.env` file has to be created to easily map multiple secrets to environment variables when using `secrethub run`.

However, in many cases the names of secrets already describe the names of the environment variables they should be mounted to. By adding the `--secrets-dir path/to/dir` flag, you could easily map all secrets to the environment.

The mapping could follow a default set of rules, e.g. replace dirs (`/`) with `_` etc. This could drastically decrease the setup time needed, as no templates need to be written.

Example
This tree:
Would map to:
by running:
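The directory-to-variable mapping proposed in this issue, as an added Go example that is not SecretHub's implementation: only the `/` to `_` rule is from the issue, while upper-casing, mapping `-` and `.` to `_`, the function names and the sample paths are assumptions. It rejects names that collide (for instance `db/user` and `db_user`) rather than letting one secret silently replace another.

```go
package main

import (
	"fmt"
	"strings"
)

// envName: only "/" -> "_" comes from the issue; upper-casing and mapping "-"
// and "." to "_" are assumptions of this example.
func envName(rel string) (string, error) {
	var b strings.Builder
	for _, r := range strings.ToUpper(rel) {
		switch {
		case r >= 'A' && r <= 'Z', r >= '0' && r <= '9', r == '_':
			b.WriteRune(r)
		case r == '/', r == '-', r == '.':
			b.WriteByte('_')
		default:
			return "", fmt.Errorf("secret %q: no mapping for %q", rel, r)
		}
	}
	if name := b.String(); name != "" && (name[0] < '0' || name[0] > '9') {
		return name, nil
	}
	return "", fmt.Errorf("secret %q: not a valid variable name", rel)
}

// MapDir fails closed when two secrets collapse onto the same variable name.
func MapDir(dir string, paths []string) (map[string]string, error) {
	dir = strings.TrimSuffix(dir, "/") + "/"
	env := make(map[string]string, len(paths))
	for _, p := range paths {
		if !strings.HasPrefix(p, dir) {
			return nil, fmt.Errorf("secret %q is outside %q", p, dir)
		}
		name, err := envName(strings.TrimPrefix(p, dir))
		if err != nil {
			return nil, err
		}
		if prev, dup := env[name]; dup {
			return nil, fmt.Errorf("%q and %q both map to %s", prev, p, name)
		}
		env[name] = p
	}
	return env, nil
}

func main() {
	fmt.Println(MapDir("acme/app", []string{"acme/app/db/user", "acme/app/api-key"})) // constructed paths
}
```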