Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to import all keys from specific path #234

Closed
Eslamanwar opened this issue Jun 29, 2021 · 4 comments
Closed

How to import all keys from specific path #234

Eslamanwar opened this issue Jun 29, 2021 · 4 comments
Labels
enhancement New feature or request

Comments

@Eslamanwar
Copy link

Eslamanwar commented Jun 29, 2021
edited
Loading

Is there a way to import all keys from specific path
@Eslamanwar Eslamanwar added the enhancement New feature or request label Jun 29, 2021
@slemme1
Copy link
Contributor

slemme1 commented Jul 23, 2021

I was going to open another enhancement request to read all secrets in the provided path without specifying each one in the secrets input:
Example:
secrets:
/secrets/myPath * | prefix #get all secrets, using prefix+keyname as the output/env variable (or just keyname if no prefix).
Adding this feature would address the issue of setting secret names manually.
You can already gather all outputs and get them into json (and write to a file outside of the vault-action step):
env:
ALL_SECRETS_JSON: "${{ toJson(steps.vaultaction.outputs) }}"

I think this enhancement would just take changes in secrets.js getSecrets():
if {request.selector = *), remove this request and add a new one for each key in the path (populating request.envVarName, request.outputVarName as appropriate if prefix is supplied).
I have not contributed to open source before and would be glad to take this on if I can get some mentoring on the process...

@dcmoore-gd
Copy link

Is this anything like you're looking for? #153 (comment)

@slemme1
Copy link
Contributor

slemme1 commented Jul 28, 2021

The issue with keys having dashes (e.g., "foo-bar") was reported in Nov 2020 and I think that was fixed because the automated tests (in v 2.3.0) have a key of "other-Secret-dash" that passes (so I am not sure why #153 was not closed).

The implementation I just developed to read all keys in a path uses the same logic as individual keys and does not return a JSON output. If the wildcard * is passed, the JSON returned for the path is parsed to find the name of each key, retrieve the value, and then normalize the name that will be used for output/environment variable.
If you want all secrets in JSON, you can currently use a separate action step to do that with the output as mentioned above.

@matryxxx02 matryxxx02 mentioned this issue Aug 26, 2021
Closed
@nenad nenad mentioned this issue Feb 7, 2022
Closed
@saheljalal saheljalal mentioned this issue Mar 5, 2023
Open
@maxcoulombe
Copy link
Contributor

Hello, I'm happy to report that this feature has been implemented in #488 .
Here is a link to the relevant documentation.

In short, it is not possible to fetch all keys from a given path with the wildcard character:

with:
    secrets: |
        secret/data/ci/aws * | MYAPP_ ;

Cheers!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: wildcard for fetching all secrets Tabuleo/vault-action
4 participants
@dcmoore-gd @Eslamanwar @slemme1 @maxcoulombe