Add secret override flag to CLI

Infisical · Dec 26, 2022 · 9e28ba9 · 9e28ba9
1 parent 454d1d3
commit 9e28ba9
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 0 deletions.
diff --git a/cli/packages/cmd/run.go b/cli/packages/cmd/run.go
@@ -60,6 +60,13 @@ var runCmd = &cobra.Command{
 			return
 		}
 
+		secretOverriding, err := cmd.Flags().GetBool("secret-overriding")
+		if err != nil {
+			log.Errorln("Unable to parse the secret-overriding flag")
+			log.Debugln(err)
+			return
+		}
+
 		shouldExpandSecrets, err := cmd.Flags().GetBool("expand")
 		if err != nil {
 			log.Errorln("Unable to parse the substitute flag")
@@ -84,6 +91,10 @@ var runCmd = &cobra.Command{
 			secrets = util.SubstituteSecrets(secrets)
 		}
 
+		if secretOverriding {
+			secrets = util.OverrideWithPersonalSecrets(secrets)
+		}
+
 		if cmd.Flags().Changed("command") {
 			command := cmd.Flag("command").Value.String()
 			err = executeMultipleCommandWithEnvs(command, secrets)
@@ -108,6 +119,7 @@ func init() {
 	runCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
 	runCmd.Flags().String("projectId", "", "The project ID from which your secrets should be pulled from")
 	runCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
+	runCmd.Flags().Bool("secret-overriding", true, "If two secrets are found with the same name, the one that is of type personal will be prioritized")
 	runCmd.Flags().StringP("command", "c", "", "chained commands to execute (e.g. \"npm install && npm run dev; echo ...\")")
 }
 

diff --git a/cli/packages/models/cli.go b/cli/packages/models/cli.go
@@ -17,6 +17,7 @@ type ConfigFile struct {
 type SingleEnvironmentVariable struct {
 	Key   string `json:"key"`
 	Value string `json:"value"`
+	Type  string `json:"type"`
 }
 
 type WorkspaceConfigFile struct {

diff --git a/cli/packages/util/secrets.go b/cli/packages/util/secrets.go
@@ -14,6 +14,9 @@ import (
 	"golang.org/x/crypto/nacl/box"
 )
 
+const PERSONAL_SECRET_TYPE_NAME = "personal"
+const SHARED_SECRET_TYPE_NAME = "shared"
+
 func getSecretsByWorkspaceIdAndEnvName(httpClient resty.Client, envName string, workspace models.WorkspaceConfigFile, userCreds models.UserCredentials) (listOfSecrets []models.SingleEnvironmentVariable, err error) {
 	var pullSecretsRequestResponse models.PullSecretsResponse
 	response, err := httpClient.
@@ -78,6 +81,7 @@ func getSecretsByWorkspaceIdAndEnvName(httpClient resty.Client, envName string,
 		env := models.SingleEnvironmentVariable{
 			Key:   string(plainTextKey),
 			Value: string(plainTextValue),
+			Type:  string(secret.Type),
 		}
 
 		listOfEnv = append(listOfEnv, env)
@@ -187,6 +191,7 @@ func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, envName string,
 		env := models.SingleEnvironmentVariable{
 			Key:   string(plainTextKey),
 			Value: string(plainTextValue),
+			Type:  string(secret.Type),
 		}
 
 		listOfEnv = append(listOfEnv, env)
@@ -335,9 +340,48 @@ func SubstituteSecrets(secrets []models.SingleEnvironmentVariable) []models.Sing
 		expandedSecrets = append(expandedSecrets, models.SingleEnvironmentVariable{
 			Key:   secret.Key,
 			Value: expandedVariable,
+			Type:  secret.Type,
 		})
 
 	}
 
 	return expandedSecrets
 }
+
+// if two secrets with the same name are found, the one that has type `personal` will be in the returned list
+func OverrideWithPersonalSecrets(secrets []models.SingleEnvironmentVariable) []models.SingleEnvironmentVariable {
+	personalSecret := make(map[string]models.SingleEnvironmentVariable)
+	sharedSecret := make(map[string]models.SingleEnvironmentVariable)
+	secretsToReturn := []models.SingleEnvironmentVariable{}
+
+	for _, secret := range secrets {
+		if secret.Type == PERSONAL_SECRET_TYPE_NAME {
+			personalSecret[secret.Key] = models.SingleEnvironmentVariable{
+				Key:   secret.Key,
+				Value: secret.Value,
+				Type:  secret.Type,
+			}
+		}
+
+		if secret.Type == SHARED_SECRET_TYPE_NAME {
+			sharedSecret[secret.Key] = models.SingleEnvironmentVariable{
+				Key:   secret.Key,
+				Value: secret.Value,
+				Type:  secret.Type,
+			}
+		}
+	}
+
+	for _, secret := range secrets {
+		personalValue, personalExists := personalSecret[secret.Key]
+		sharedValue, sharedExists := sharedSecret[secret.Key]
+
+		if personalExists && sharedExists || personalExists && !sharedExists {
+			secretsToReturn = append(secretsToReturn, personalValue)
+		} else {
+			secretsToReturn = append(secretsToReturn, sharedValue)
+		}
+	}
+
+	return secretsToReturn
+}