search

Versent / unicreds

unicreds is a CLI which manages secrets in AWS using DynamoDB and KMS.
https://github.com/Versent/unicreds
MIT License
117 stars 40 forks source link

add option to strip suffix/prefix from credentials before exec #60

Closed SonOfBytes closed 4 years ago

SonOfBytes commented 7 years ago

Although encryption context allows for credentials to be "effectively" filtered they don't stop credentials from different environments with the same credential name from overwriting each other.

The common pattern to overcome this is to add an environment prefix or suffix to the credential name. E.G. STAGING_SECRET_KEY and PROD_SECRET_KEY

This PR enables the environment variables that are injected into a command environment to have these prefixes and suffixes stripped before injection. The actual keys remain unchanged for all other operations.

E.G. the following will strip PROD_ for the credential and just inject SECRET_KEY

unicreds exec env -D _ -P PROD

Similarly -S operates on the suffix and -D denotes the delimiter (default ".")

Tests add

Works properly with PR #59

SonOfBytes commented 7 years ago

Any thoughts on this? Adjustments? 😄

wolfeidau commented 7 years ago

I haven't merged this yet as I need to try it out!

This one is a bit more complex to test / review.

Will update soon.

SonOfBytes commented 7 years ago

thoughts?

SonOfBytes commented 4 years ago

no longer using this tool so closing the request