search

Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com
Other
15.39k stars 920 forks source link

Special infisical-specific env var to test everything loaded correctly #2513

Open gee-forr opened 3 weeks ago

gee-forr commented 3 weeks ago

Feature description

It would be amazing if Infisical could inject a special "back-office only" env var along with user-defined env vars so that we can determine if it loaded secrets correctly.

Why would it be useful?

background

We have a script that runs automatically when you cd into a directory with direnv. This script sets up a bunch of defaults, including install the infisical CLI if its not already installed.

It also loads secrets into the current shell by running eval $(infisical export --format=dotenv-export). This is great for DX, because developers don't need to do anything besides have a logged in infisical account, and cding into a project's dir will get everything ready for development.

how would we use this feature?

We would like to extend our envrc script to also throw an error if the env vars did not load correctly. As an Envkey refugee, we use to look for an __ENVKEY_LOADED env var and if it was there, we knew things loaded fine. If it was not there, we printed out a big red scary error, so that the dev could debug an Envkey issue instead of wasting time trying to figure out why their local dev environment is not working right.

Additional context

It would be great if infisical could add an __INFISICAL_LOADED env var with any non-blank value.

What would be even cooler is if there were also __INFISICAL_PROJECT and __INFISICAL_ENVIRONMENT env vars that contained the project and environment slug's respectively, which could help with throwing errors if the wrong env is being accidentally loaded.

matzeeable commented 2 weeks ago

Solved it this way:

INFISICAL_EXPORT=$(infisical export --format=dotenv-export)
eval $INFISICAL_EXPORT
__INFISICAL_LOADED=$(echo "$INFISICAL_EXPORT" | cut -d'=' -f1 | cut -d' ' -f2 | tr '\n' ',' | sed 's/,$//')
gee-forr commented 2 weeks ago 
INFISICAL_EXPORT=$(infisical export --format=dotenv-export)
eval $INFISICAL_EXPORT
__INFISICAL_LOADED=$(echo "$INFISICAL_EXPORT" | cut -d'=' -f1 | cut -d' ' -f2 | tr '\n' ',' | sed 's/,$//')

Hey @matzeeable - this is nice DIY solution that should work until/if infisical implement it natively - thanks!