Closed elprans closed 2 years ago
--specifically= is named quite weirdly. Why not just edgedb-show-secrets.sh EDGEDB_SERVER_TLS_CERT?
- Why TOML format? How do you expect it to be used?
--specifically= is named quite weirdly. Why not just edgedb-show-secrets.sh EDGEDB_SERVER_TLS_CERT?
Because --specifically outputs the raw value of the single specified secret, and positional arguments are used to filter which secrets get included in TOML output, so:
edgedb-show-secrets.sh EDGEDB_SERVER_TLS_CERT
Outputs
EDGEDB_SERVER_TLS_CERT=...
And
edgedb-show-secrets.sh --specifically=EDGEDB_SERVER_TLS_CERT
Outputs
---BEGIN CERT...
- Why TOML format? How do you expect it to be used?
flyctl secrets import. There is no way to set secrets one by one without deploying, and setting them separately causes a failure and a rollback. Regardless, TOML is the only sensible format for multiple multiline values. Also, non-multiline format is just KEY="VAL", which is compatible with shells, though we probably want to add shell format explicitly. I can add a required --format=toml if you're worried about the sensibility of it being the default.
Yes, adding --format makes sense. We don't use toml output by default anywhere. And it's very rarely used as output format (i.e. I don't remember I've ever seen that).
--specifically= is named quite weirdly. Why not just edgedb-show-secrets.sh EDGEDB_SERVER_TLS_CERT?
Because --specifically outputs the raw value of the single specified secret, and positional arguments are used to filter which secrets get included in TOML output, so:
edgedb-show-secrets.sh EDGEDB_SERVER_TLS_CERT
Outputs
EDGEDB_SERVER_TLS_CERT=...
And
edgedb-show-secrets.sh --specifically=EDGEDB_SERVER_TLS_CERT
Outputs
---BEGIN CERT...
Oh, this is even more confusing. It's better to output raw by default and include a key with --format=toml if we are adding it anyway.
Other than that, --specifically is a very sophisticated word which on the other hand isn't very precise in meaning and is almost never used in any APIs; any of the below are quicker to find in my memory and would be as precise as --specifically (except --get-raw, which says more):
--only=X
--key=X
--filter=X
--print X
--get-raw X
It's better to output raw by default and include a key with --format=toml if we are adding it anyway. [...] Other than that, --specifically is a very sophisticated word which
How about --format=raw to show values without keys?
How about --format=raw to show values without keys?
That would work. It even may work fine with two keys, if those two keys are certificate and private key.
This adds edgedb-show-secrets.sh to the container as a way to easily obtain the raw value of a specific known secret, or a set of specified secrets, or all of known secrets, in TOML format:
or
This helper is especially useful when one wants to preserve the generated TLS certificate and key as a secret on a hosting platform.
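
The two output modes debated in this thread (keyed TOML for several multiline secrets, raw for bare values), as an added sketch that is not the project's edgedb-show-secrets.sh. `show_secrets`, `KNOWN_SECRETS`, the `raw|toml` argument form and the sample values are assumptions, and `EDGEDB_SERVER_TLS_KEY` is assumed as the private-key counterpart of the certificate variable.

```shell
#!/bin/sh
# Added illustration, NOT the project's edgedb-show-secrets.sh.
# KNOWN_SECRETS, show_secrets and the sample values are assumptions.
KNOWN_SECRETS="EDGEDB_SERVER_TLS_CERT EDGEDB_SERVER_TLS_KEY"
NL='
'
# Constructed sample values (not real key material).
EDGEDB_SERVER_TLS_CERT="-----BEGIN CERTIFICATE-----${NL}constructed-sample${NL}-----END CERTIFICATE-----"
EDGEDB_SERVER_TLS_KEY="constructed-sample-key"

# show_secrets FORMAT [KEY...]   (no KEY: all known secrets)
#   raw  -> values only, no keys
#   toml -> KEY="VAL", or KEY="""...""" when VAL spans several lines
show_secrets() {
    [ "$#" -gt 0 ] || { echo "usage: show_secrets raw|toml [KEY...]" >&2; return 2; }
    fmt=$1; shift
    case $fmt in
        raw|toml) ;;
        *) echo "unknown format: $fmt" >&2; return 2 ;;
    esac
    [ "$#" -gt 0 ] || set -- $KNOWN_SECRETS
    # Validate every key before printing anything, so a typo cannot
    # leave half of the secrets on stdout.
    for key in "$@"; do
        case $key in ''|*[!A-Z0-9_]*) echo "bad key name" >&2; return 1 ;; esac
        case " $KNOWN_SECRETS " in
            *" $key "*) ;;  # allow-list: never dump arbitrary env vars
            *) echo "unknown secret: $key" >&2; return 1 ;;
        esac
        eval "val=\${$key-}"
        [ -n "$val" ] || { echo "secret not set: $key" >&2; return 1; }
    done
    for key in "$@"; do
        eval "val=\${$key}"
        if [ "$fmt" = raw ]; then
            printf '%s\n' "$val"
            continue
        fi
        # Escape \ and " for a TOML basic string. $(...) drops trailing
        # newlines; values are assumed to be printable text such as PEM.
        esc=$(printf '%s\n' "$val" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
        case $val in
            *"$NL"*) printf '%s="""\n%s"""\n' "$key" "$esc" ;;
            *)       printf '%s="%s"\n' "$key" "$esc" ;;
        esac
    done
}
show_secrets toml   # demo: both constructed secrets as TOML
```

Because every requested key is checked against the allow-list before the first value is written, a mistyped name produces an error and no partial secret output.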