search

Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com
Other
13k stars 677 forks source link

[CLI] export secrets based on project name #334

Open Andarius opened 1 year ago

Andarius commented 1 year ago

Feature description

For now, when trying to export secrets locally, we must first run infisical init and then manually select the project.

It would be nice if we could just pass the project name to the export command so that we could run 

infisical export --project-name="example-project" --env=prod --format=json > secrets.json

Why would it be useful?

It would allow to run the following when setting up multiple projects at once:

#!/usr/bin/env bash

readonly PROJECTS=(
  proj-1
  proj-2
)

declare -A ENVFILES=(
  ["proj-1"]=".env.proj1"
  ["proj-2"]=".env.proj2"
)

for project in "${PROJECTS[@]}"; do
  _env_file=${ENVFILES[$project]}
  echo "Exporting '$project' to $_env_file"
  infisical export --project-name="$project" --env="stg" --format=dotenv > "$_env_file"
done
maidul98 commented 1 year ago

Great suggestion, I will let you know when we are able to pick this up in our sprint!

maidul98 commented 1 year ago

It looks like one or more projects can have the same name currently. Since this is already the standard, I think the easiest option is to do it by projectId. What do you think about a flag to specify the project ID?

Andarius commented 1 year ago

Yes that would work too :)

maidul98 commented 1 year ago

You can add --projectId to the export command in the latest version of the CLI! Let us know if things are working on your end.

Andarius commented 1 year ago

Hey @maidul98, sorry for the late answer. I tried the following command but it's asking to connect to a project.

infisical export --env=stg --format=dotenv --projectId=***********

It looks you have not yet connected this project to Infisical
To do so, run [infisical init] then run your command again

I'm not sure why it's asking since I'm passing the ID in the command.

maidul98 commented 1 year ago

I'll take another look at this and get back to you

Andarius commented 1 year ago

Hey @maidul98, do you have any news on this issue ?

maidul98 commented 1 year ago

Hey @Andarius the issue is occurring because for none service token fetch, the code still requires a workspace file. As a temporary work around, you can run infisical init and then use the --projectID which will override the project id in the .infisical.json.

I will need some time to see how we can re format the current workflow so that it doesn't require the file for none service token use cases. Let me know if the work around is working for you.