Closed Piccirello closed 2 years ago
Comments have been addressed. The env format now wraps all values in quotes. I'm going to push us pretty hard to limit the number of supported formats at launch, as well as any other features that are a nice to have. We can add more functionality over time.
Currently,
doppler run
always inject secrets as environment variables. With this PR, secrets can now instead be mounted to an ephemeral file. The file exists for the lifetime of the application and can be read by libraries like dotenv. The path to the file is made available in theDOPPLER_CLI_SECRETS_PATH
environment variable.This feature supports custom name transformers.
Example:
Example w/ Node:
doppler run
:mount
mount-format
mount-max-reads
More info
Technically, the mounted secrets file is a named pipe. This allows us to ensure that the pipe's contents (i.e. the secrets) are only accessible while the CLI is connected to it. Once the CLI exits, the pipe is useless.
Potential gotchas:
Closes ENG-3665