DopplerHQ / cli

The official CLI for interacting with your Doppler secrets and configuration.
https://docs.doppler.com
Apache License 2.0
221 stars 44 forks

[FEATURE] Set secret visibility #453

Closed aisrael closed 3 months ago

aisrael commented 6 months ago

Is your feature request related to a problem? Please describe.

As a project member, I want to be able to set / specify a secret's visibility.

Describe the solution you'd like

A relatively low-lift fix would be to add an optional --visibility flag to the doppler secrets set command:

It should accept one of masked, unmasked, and restricted.

This would also require the setSecrets() function to be modified:

(Alternatively, just use the change_requests parameter entirely, but compose it with just the name and value fields.)

NOTE: When setting multiple secrets (e.g. doppler secrets set A=1 B=2), the --visibility flag will apply to all secrets.

Describe alternatives you've considered

When calling the doppler CLI from a shell script, compose the JSON payload directly and invoke the API using curl (or, using whatever HTTP request library in your preferred language, e.g. Faraday for Ruby).

Additional context

$ go run . secrets set -h
Set the value of one or more secrets.

There are several methods for setting secrets:

1) stdin (recommended)
$ echo -e 'multiline\nvalue' | doppler secrets set CERT

2) interactive stdin (recommended)
$ doppler secrets set CERT
multiline
value

.

3) one secret
$ doppler secrets set API_KEY '123'

4) multiple secrets
$ doppler secrets set API_KEY='123' DATABASE_URL='postgres:random@127.0.0.1:5432'

Usage:
  doppler secrets set [secrets] [flags]

Flags:
  -c, --config string       config (e.g. dev)
  -h, --help                help for set
      --no-interactive      do not allow entering secret value via interactive mode
  -p, --project string      project (e.g. backend)
      --raw                 print the raw secret value without processing variables
      --visibility string   visibility (e.g. masked, unmasked, or restricted)

aisrael commented 6 months ago

Also need to modify the models.ChangeRequest struct to accept the visibility, etc. fields. For example:

// ChangeRequest can be used to smartly update secrets
type ChangeRequest struct {
    Name               string      `json:"name"`
    OriginalName       interface{} `json:"originalName"`
    Value              interface{} `json:"value"`
    OriginalValue      interface{} `json:"originalValue,omitempty"`
    Visibility         *string     `json:"visibility,omitempty"`
    OriginalVisibility *string     `json:"originalVisibility,omitempty"`
    ShouldPromote      *bool       `json:"shouldPromote,omitempty"`
    ShouldDelete       *bool       `json:"shouldDelete,omitempty"`
    ShouldConverge     *bool       `json:"shouldConverge,omitempty"`
}

aisrael commented 6 months ago

$ go run . secrets set -p test -c test TEST=value --visibility masked
┌──────┬───────┬──────┐
│ NAME │ VALUE │ NOTE │
├──────┼───────┼──────┤
│ TEST │ value │      │
└──────┴───────┴──────┘

$ go run . secrets set -p test -c test TEST=value --visibility restricted
┌──────┬──────────────┬──────┐
│ NAME │ VALUE        │ NOTE │
├──────┼──────────────┼──────┤
│ TEST │ [RESTRICTED] │      │
└──────┴──────────────┴──────┘
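
The flag handling proposed in this thread, sketched as an added example (not code from the Doppler CLI or from the commenter): it validates --visibility against the three values named above and applies it to every NAME=VALUE argument. The helper names and the exact payload shape are assumptions built from the struct and the change_requests parameter mentioned in the thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ChangeRequest follows the struct posted in the thread, trimmed to the fields used here.
type ChangeRequest struct {
	Name         string      `json:"name"`
	OriginalName interface{} `json:"originalName"`
	Value        interface{} `json:"value"`
	Visibility   *string     `json:"visibility,omitempty"`
}

// The three values the issue says the flag should accept.
var validVisibility = map[string]bool{"masked": true, "unmasked": true, "restricted": true}

// buildChangeRequests (hypothetical helper) parses NAME=VALUE arguments and applies one
// visibility to all of them. An empty visibility omits the field from the JSON entirely.
func buildChangeRequests(args []string, visibility string) ([]ChangeRequest, error) {
	var vis *string
	if visibility != "" {
		if !validVisibility[visibility] {
			return nil, fmt.Errorf("invalid visibility %q: want masked, unmasked, or restricted", visibility)
		}
		vis = &visibility
	}
	reqs := make([]ChangeRequest, 0, len(args))
	for i, arg := range args {
		// Split on the first '=' only, so values such as URLs may contain '='.
		name, value, ok := strings.Cut(arg, "=")
		if !ok || name == "" {
			// Report the position, not the argument: it may contain secret material.
			return nil, fmt.Errorf("argument %d is not in NAME=VALUE form", i+1)
		}
		reqs = append(reqs, ChangeRequest{Name: name, Value: value, Visibility: vis})
	}
	return reqs, nil
}

func main() {
	reqs, err := buildChangeRequests([]string{"A=1", "B=2"}, "restricted") // constructed sample input
	if err != nil {
		panic(err)
	}
	body, _ := json.Marshal(map[string]interface{}{"change_requests": reqs}) // assumed wrapper key
	fmt.Println(string(body))
}
```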