Closed aisrael closed 3 months ago
Also need to modify the models.ChangeRequest struct to accept the visibility, etc. fields. For example:
// ChangeRequest can be used to smartly update secrets
type ChangeRequest struct {
Name string `json:"name"`
OriginalName interface{} `json:"originalName"`
Value interface{} `json:"value"`
OriginalValue interface{} `json:"originalValue,omitempty"`
Visibility *string `json:"visibility,omitempty"`
OriginalVisibility *string `json:"originalVisibility,omitempty"`
ShouldPromote *bool `json:"shouldPromote,omitempty"`
ShouldDelete *bool `json:"shouldDelete,omitempty"`
ShouldConverge *bool `json:"shouldConverge,omitempty"`
}
$ go run . secrets set -p test -c test TEST=value --visibility masked
┌──────┬───────┬──────┐
│ NAME │ VALUE │ NOTE │
├──────┼───────┼──────┤
│ TEST │ value │ │
└──────┴───────┴──────┘
$ go run . secrets set -p test -c test TEST=value --visibility restricted
┌──────┬──────────────┬──────┐
│ NAME │ VALUE │ NOTE │
├──────┼──────────────┼──────┤
│ TEST │ [RESTRICTED] │ │
└──────┴──────────────┴──────┘
Is your feature request related to a problem? Please describe. As a project member, I want to be able to set / specify a secret's visibility.
Describe the solution you'd like A relatively low-lift fix would be to add an optional
--visibility
flag to thedoppler secrets set
command:It should accept one of
masked
,unmasked
, andrestricted
.This would also require the setSecrets() function to be modified:
--visibility
flag is not specified, then it can continue to use the current secrets map.--visibility
flag is specified, then it needs to compose an appropriatechange_requests
parameter for the secrets update api call(Alternatively, just use the
change_requests
parameter entirely, but compose it with just thename
andvalue
fields.)NOTE: When setting multiple secrets (e.g.
doppler secrets set A=1 B=2
then the--visibility
flag will apply to all secrets).Describe alternatives you've considered When calling the
doppler
CLI from a shell script, compose the JSON payload directly and invoke the API usingcurl
(or, using whatever HTTP request library in your preferred language, e.g. Faraday for Ruby).Additional context