Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(secrets): add Doppler adapter #1099

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

feat(secrets): add Doppler adapter #1099

wants to merge 5 commits into from

Conversation

mrbongiolo
Copy link

@mrbongiolo mrbongiolo commented Oct 11, 2024
edited
Loading

Doppler organizes secrets in "projects" (like my-awesome-project) and "configs" (like prod, stg, etc.), so the pattern project/config is required when defining the --account option.

Doppler does not have a concept of folders, so using --from option or FOLDER/SECRET pattern is not supported and will raise an error.

Initially, I was thinking of using the --from option to define the Doppler "config", but this would require a much larger change in how secrets are "folderized", so not allowing to use that option and parsing --account=project/config accordingly seemed like a better approach for now.

Site documentation PR: basecamp/kamal-site#134

@mrbongiolo mrbongiolo mentioned this pull request Oct 11, 2024
Open
@djmb
Copy link
Collaborator

djmb commented Nov 4, 2024

Thanks @mrbongiolo!

It looks like there's no concept of an account for Doppler (or at least we the adapter doesn't need to know about it), so I think we should just make the account optional.

That could be a new requires_account? method on the abstract adapter that defaults to true.

The --from command is for specifying common prefixes for secrets, so I think we should allow it to be called like:

kamal secrets fetch --adapter doppler --from my-project/prd SECRET1 SECRET2 SECRET3

or:

kamal secrets fetch --adapter doppler my-project/prd/SECRET1 my-project/prd/SECRET2 my-project/prd/SECRET3

The second format would allow you to extract secrets from different projects or configs if really needed.

@djmb
Copy link
Collaborator

djmb commented Nov 4, 2024

Oh, could we also implement the check_dependencies! method that was recently added. It should give a nice error message if doppler is not installed.

@mrbongiolo
Copy link
Author

Thanks for the review @djmb!! I'll fix the points that you brought up and update the PR later today.

@mrbongiolo
Copy link
Author

mrbongiolo commented Nov 5, 2024
edited
Loading

@djmb PR updated. Also added support for ENV["DOPPLER_TOKEN"], based on #1183

I will update the docs PR soon as well.

With the current approach, the doppler adapter doesn't support fetching secrets from multiple projects/configs when defining secrets like my-project/dev/SECRET1 other-project/prod/SECRET2. It will always use the project/config set for the first secret or the one using the --from option.

@mrbongiolo mrbongiolo requested a review from djmb November 5, 2024 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djmb djmb Awaiting requested review from djmb

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mrbongiolo @djmb