Closed SonOfBytes closed 4 years ago
Any thoughts on this? Adjustments? 😄
I haven't merged this yet as I need to try it out!
This one is a bit more complex to test / review.
Will update soon.
thoughts?
no longer using this tool so closing the request
Although encryption context allows for credentials to be "effectively" filtered they don't stop credentials from different environments with the same credential name from overwriting each other.
The common pattern to overcome this is to add an environment prefix or suffix to the credential name. E.G. STAGING_SECRET_KEY and PROD_SECRET_KEY
This PR enables the environment variables that are injected into a command environment to have these prefixes and suffixes stripped before injection. The actual keys remain unchanged for all other operations.
E.G. the following will strip PROD_ for the credential and just inject SECRET_KEY
unicreds exec env -D _ -P PROD
Similarly -S operates on the suffix and -D denotes the delimiter (default ".")
Tests add
Works properly with PR #59