Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com

Support for BitBucket deployment environments #808

Open Radiergummi opened 11 months ago

Radiergummi commented 11 months ago

Feature description

Right now, the BitBucket integration allows connecting an Infisical environment to a single repository, which will sync all secrets into the repository configuration.
However, this doesn't really mirror the way software teams usually work: For pretty much all projects I've seen before, there are separate branches for development, staging and production.

BitBucket has a hierarchical variable system, with finer-grained variables overriding those in a broader scope:

  1. Workspace variables (workspaces are roughly similar to GitHub orgs)
  2. Repository variables
  3. Deployment environment variables

This means that if a variable FOO is specified in all of a workspace, a repository, and the deployment environment staging, the definition in the staging deployment environment "wins".

I'd like to suggest adding support for BitBucket deployment environments to the integration, such that I can actually specify staging and production secrets in Infisical and use them in the respective deployment pipeline.
This would require adding an additional dropdown to the integration creation screen, probably named "BitBucket Deployment environment", which could be either one of the existing environments on BitBucket, or none to sync with the repository variables as it is currently implemented.

Why would it be useful?

A deployment environment can be used in Bitbucket Pipelines to dedicate deployment steps in a pipeline configuration to a named deployment target. For example, in the build configuration of my "staging" branch, I can define a step such as:

```yaml
pipelines:
  branches:
    staging:
      - step:
          name: Deploy
          deployment: staging  # <-- deployment environment here
          script:
            - gcloud container clusters get-credentials "${CLUSTER_NAME}"
            #                                              ^-------------- variable
```

and be sure CLUSTER_NAME will resolve to the variable I defined in the "staging" environment as referenced in the step.

The UI for them looks like so:

(Screenshot 2023-07-31 at 12:14:37)

Additional information

I haven't looked at your source code yet, but API-wise, the deployment environments are just another layer of resources with their own endpoints:

With the environment UUID, you can just prefix all API calls to create/update/delete secrets with the environment, and it should work fine.
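The two points above (finer scopes override broader ones, and a deployment environment only changes the base path of the variable API calls) as an added example; this is not Infisical's code. It assumes the Bitbucket Cloud 2.0 API paths `/2.0/repositories/{workspace}/{repo_slug}/pipelines_config/variables` and `.../deployments_config/environments/{environment_uuid}/variables` as documented by Atlassian, and all workspace, repository and UUID values are constructed placeholders.

```typescript
// Added example (not Infisical's code): plan a Bitbucket Pipelines variable sync for either the
// repository scope or one deployment-environment scope, using Bitbucket Cloud 2.0 API paths.
// Purely local: no network calls, sample data constructed inline.
type BitbucketVar = { uuid: string; key: string; value?: string; secured: boolean };
type Op = { method: "POST" | "PUT" | "DELETE"; path: string; body?: object };

// Finer scopes override broader ones: workspace < repository < deployment environment.
function effective(...scopes: Record<string, string>[]): Record<string, string> {
  return Object.assign({}, ...scopes);
}

// The only thing the environment UUID changes is the base path every variable call is sent to.
function variablesPath(workspace: string, repoSlug: string, environmentUuid?: string): string {
  const repo = `/2.0/repositories/${workspace}/${repoSlug}`;
  return environmentUuid
    ? `${repo}/deployments_config/environments/${environmentUuid}/variables`
    : `${repo}/pipelines_config/variables`;
}

// Diff the desired Infisical secrets against what Bitbucket currently holds at that scope.
function planSync(basePath: string, existing: BitbucketVar[], desired: Record<string, string>): Op[] {
  const byKey = new Map<string, BitbucketVar>(existing.map((v): [string, BitbucketVar] => [v.key, v]));
  const ops: Op[] = [];
  for (const [key, value] of Object.entries(desired)) {
    const body = { key, value, secured: true }; // secured: masked in pipeline logs, never echoed back by the API
    const cur = byKey.get(key);
    // Secured values cannot be read back, so an existing key is always overwritten rather than compared.
    if (cur) ops.push({ method: "PUT", path: `${basePath}/${cur.uuid}`, body });
    else ops.push({ method: "POST", path: basePath, body });
  }
  // Mirror "sync all secrets": keys removed from Infisical are removed from this scope as well.
  for (const v of existing) if (!(v.key in desired)) ops.push({ method: "DELETE", path: `${basePath}/${v.uuid}` });
  return ops;
}

// Constructed sample state of the "staging" deployment environment (UUIDs are placeholders).
const existing: BitbucketVar[] = [
  { uuid: "{00000000-0000-4000-8000-000000000001}", key: "CLUSTER_NAME", secured: true },
  { uuid: "{00000000-0000-4000-8000-000000000002}", key: "OLD_TOKEN", secured: true },
];
const desired = { CLUSTER_NAME: "staging-gke", DB_URL: "postgres://staging.internal/app" };
const stagingPath = variablesPath("acme", "shop", "{00000000-0000-4000-8000-0000000000ee}");
const plan = planSync(stagingPath, existing, desired);
console.log(plan);
```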

Salman2301 commented 4 months ago

I am happy to work on this; it looks the same as the GitHub integrations PR #1398.