search

PierreBeucher / novops

Cross-platform secret & config manager for development and CI environments
https://novops.dev
GNU Lesser General Public License v3.0
158 stars 9 forks source link

Perform a base64 decode on secret before saving to disk #113

Open hongkongkiwi opened 2 months ago

hongkongkiwi commented 2 months ago

Suggestion for a really useful feature that would make my life easier.

I have a DER encoded certificate which is encoded as base64 that I'm storing in the cloud.

It would be really great to have a flag which gets novops to run a base64 decode on the object after downloading it to get it back to a binary file (obviously this is only really appropriate when the secret is put into a file, not an environment variable).

This allows binary files to be used as secrets in various cases. I imagine this is also useful when dealing with encrypted blobs when the end device handles decryption.

PierreBeucher commented 2 months ago

That's an interesting use case ! To make this more generic, how about a kind of "post-processing" so it can be base64 decode or something else, such as:

environments:
  dev:
    variables:
      - name: MY_B64_VAR
        value: ZGVjb2RlLW1lCg== 
        postprocess:
          base64decode:

I'm not sure about the postprocess, but an option like this on the item itself seems a possible way of implementing this.

hongkongkiwi commented 1 month ago

Yes, postprocess could work here. I guess having an option for other postprocess could be good, that could lead into having local decryption too easy enough as it's just another postprocessor.