From 757e74214a44dc4f45e5c5950e14908ae1665e7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Se=CC=81bastien=20Geffroy?= Date: Tue, 15 Jun 2021 10:27:31 +0200 Subject: [PATCH] Replace vault env --path by vault env --envvar in the doc --- README.rst | 2 +- docs/howto/environment.rst | 52 +++++++++++++++++++------------------- docs/howto/ssh.rst | 2 +- docs/howto/systemd.rst | 4 +-- docs/howto/upgrade.rst | 8 +++--- docs/quickstart.rst | 4 +-- tests/unit/test_cli.py | 4 +-- vault_cli/cli.py | 12 ++++----- 8 files changed, 44 insertions(+), 44 deletions(-) diff --git a/README.rst b/README.rst index 1738ee6..b50aee2 100644 --- a/README.rst +++ b/README.rst @@ -65,7 +65,7 @@ Here are a few things you might do with ``vault-cli``: ohsosecret $ # Load a secret into the environment variables: - $ vault-cli env --path mysecret -- env | grep MYSECRET + $ vault-cli env --envvar mysecret -- env | grep MYSECRET MYSECRET_MYKEY=ohsosecret $ # Load an ssh key into your ssh-agent: diff --git a/docs/howto/environment.rst b/docs/howto/environment.rst index 7f3cefa..87cf9cf 100644 --- a/docs/howto/environment.rst +++ b/docs/howto/environment.rst @@ -16,7 +16,7 @@ works: $ vault-cli set test/my_secret value=qwerty Done - $ vault-cli env --path test/my_secret -- bash -c 'echo $MY_SECRET_VALUE' + $ vault-cli env --envvar test/my_secret -- bash -c 'echo $MY_SECRET_VALUE' qwerty Environment variable naming @@ -68,29 +68,29 @@ Let's consider the vault contains only the following secret: This table maps input to output. Note that there will always be a single environment variable and its value will always be ``mysecret``. -+-------------+-----------------------+---------------------------+ -| ``--path`` | ``--omit-single-key`` | environment variable name | -+-------------+-----------------------+---------------------------+ -| ``a`` | False | ``A_B_C`` | -+-------------+-----------------------+---------------------------+ -| ``a`` | True | ``A_B`` | -+-------------+-----------------------+---------------------------+ -| ``a=D`` | False | ``D_B_C`` | -+-------------+-----------------------+---------------------------+ -| ``a=D`` | True | ``D_B`` | -+-------------+-----------------------+---------------------------+ -| ``a/b`` | False | ``B_C`` | -+-------------+-----------------------+---------------------------+ -| ``a/b`` | True | ``B`` | -+-------------+-----------------------+---------------------------+ -| ``a/b=D`` | False | ``D_C`` | -+-------------+-----------------------+---------------------------+ -| ``a/b=D`` | True | ``D`` | -+-------------+-----------------------+---------------------------+ -| ``a/b:c`` | True or False | ``C`` | -+-------------+-----------------------+---------------------------+ -| ``a/b:c=D`` | True or False | ``D`` | -+-------------+-----------------------+---------------------------+ ++---------------+-----------------------+---------------------------+ +| ``--envvar`` | ``--omit-single-key`` | environment variable name | ++---------------+-----------------------+---------------------------+ +| ``a`` | False | ``A_B_C`` | ++---------------+-----------------------+---------------------------+ +| ``a`` | True | ``A_B`` | ++---------------+-----------------------+---------------------------+ +| ``a=D`` | False | ``D_B_C`` | ++---------------+-----------------------+---------------------------+ +| ``a=D`` | True | ``D_B`` | ++---------------+-----------------------+---------------------------+ +| ``a/b`` | False | ``B_C`` | ++---------------+-----------------------+---------------------------+ +| ``a/b`` | True | ``B`` | ++---------------+-----------------------+---------------------------+ +| ``a/b=D`` | False | ``D_C`` | ++---------------+-----------------------+---------------------------+ +| ``a/b=D`` | True | ``D`` | ++---------------+-----------------------+---------------------------+ +| ``a/b:c`` | True or False | ``C`` | ++---------------+-----------------------+---------------------------+ +| ``a/b:c=D`` | True or False | ``D`` | ++---------------+-----------------------+---------------------------+ Recommended setup ----------------- @@ -112,7 +112,7 @@ Your call would look like: .. code:: console - $ vault-cli env --omit-single-key --path myapp -- myapp + $ vault-cli env --omit-single-key --envvar myapp -- myapp Ignoring errors --------------- @@ -123,7 +123,7 @@ even if it will be missing some secrets. .. code:: console - $ vault-cli env --path myapp --force -- myapp + $ vault-cli env --envvar myapp --force -- myapp .. warning:: diff --git a/docs/howto/ssh.rst b/docs/howto/ssh.rst index c85b236..ffe2982 100644 --- a/docs/howto/ssh.rst +++ b/docs/howto/ssh.rst @@ -38,5 +38,5 @@ If you need to have both ssh access and secrets as environment variables (see $ # If your key is not passphrase-protected $ vault-cli ssh --key path/to/ssh_private_key:value \ - -- vault-cli env --path myapp \ + -- vault-cli env --envvar myapp \ -- myapp_that_needs_secrets_and_ssh diff --git a/docs/howto/systemd.rst b/docs/howto/systemd.rst index 3f74aee..0142a58 100644 --- a/docs/howto/systemd.rst +++ b/docs/howto/systemd.rst @@ -58,7 +58,7 @@ launch the program through ``vault-cli env``. Let’s launch it as a one-off: .. code:: console - $ vault-cli env --path mysecret:value -- myprogram + $ vault-cli env --envvar mysecret:value -- myprogram This will make a variable named ``VALUE`` available to ``myprogram``. See the :ref:`vault-cli env ` dedicated page for more details on how you can @@ -85,7 +85,7 @@ We’ll create an override file that will change ExecStart to wrap it in # opens a new file for edition [Service] ExecStart= - ExecStart=vault-cli env --path mysecret:value=MYVAR -- myprogram --options + ExecStart=vault-cli env --envvar mysecret:value=MYVAR -- myprogram --options The empty ``ExecStart=`` tells SystemD to ignore the previous command to launch and only launch the following one. diff --git a/docs/howto/upgrade.rst b/docs/howto/upgrade.rst index 69232bc..d917998 100644 --- a/docs/howto/upgrade.rst +++ b/docs/howto/upgrade.rst @@ -37,10 +37,10 @@ The following list shows how to update your commands: (old) vault get path/to/creds (new) vault get path/to/creds value - (old) vault env --path path/to/creds=FOO -- env # FOO=xxx - (new) vault env --path path/to/creds=FOO -- env # FOO_VALUE=xxx - (new) vault env --path path/to/creds:value=FOO -- env # FOO=xxx - (new) vault env --omit-single_key --path path/to/creds=FOO -- env # FOO=xxx + (old) vault env --envvar path/to/creds=FOO -- env # FOO=xxx + (new) vault env --envvar path/to/creds=FOO -- env # FOO_VALUE=xxx + (new) vault env --envvar path/to/creds:value=FOO -- env # FOO=xxx + (new) vault env --omit-single_key --envvar path/to/creds=FOO -- env # FOO=xxx The default output of ``vault get-all`` has also changed and is now flat by default (this behavior is controlled with the ``--flat/--no-flat`` diff --git a/docs/quickstart.rst b/docs/quickstart.rst index 361ffdc..4b42d69 100644 --- a/docs/quickstart.rst +++ b/docs/quickstart.rst @@ -208,7 +208,7 @@ Let's try it. First we'll launch the command ``env``, which prints the environme .. code:: console - $ vault-cli env --path demo -- env | tail -1 + $ vault-cli env --envvar demo -- env | tail -1 DEMO_BLAKE2_SECRET_KEY=du9dibieNg3lei0teidal9 As you can see, the secrets (or, here, the secret) under the path ``demo`` have been @@ -238,7 +238,7 @@ Ok, now for the real thing: .. code:: console - $ vault-cli env --path demo -- ./docs/quickstart_demo.py yay + $ vault-cli env --envvar demo -- ./docs/quickstart_demo.py yay 341c93333a9df726c57671891d6bbea1 **Yay!** diff --git a/tests/unit/test_cli.py b/tests/unit/test_cli.py index 0df80c4..419dde4 100644 --- a/tests/unit/test_cli.py +++ b/tests/unit/test_cli.py @@ -414,9 +414,9 @@ def test_env_filter_key(cli_runner, vault_with_token, mocker): cli.cli, [ "env", - "--path", + "--envvar", "foo/baz:user=MYNAME", - "--path", + "--envvar", "foo/baz:password", "--", "echo", diff --git a/vault_cli/cli.py b/vault_cli/cli.py index 4cedeca..d36864f 100644 --- a/vault_cli/cli.py +++ b/vault_cli/cli.py @@ -519,16 +519,16 @@ def env( By default the name is build upon the relative path to the parent of the given path (in parameter) and the name of the keys in the value mapping. Let's say that we have stored the mapping `{'username': 'me', 'password': 'xxx'}` at path `a/b/c` - Using `--path a/b` will inject the following environment variables: B_C_USERNAME and B_C_PASSWORD - Using `--path a/b/c` will inject the following environment variables: C_USERNAME and C_PASSWORD - Using `--path a/b/c:username` will only inject `USERNAME=me` in the environment. + Using `--envvar a/b` will inject the following environment variables: B_C_USERNAME and B_C_PASSWORD + Using `--envvar a/b/c` will inject the following environment variables: C_USERNAME and C_PASSWORD + Using `--envvar a/b/c:username` will only inject `USERNAME=me` in the environment. You can customize the variable names generation by appending `=SOME_PREFIX` to the path. In this case the part corresponding to the base path is replace by your prefix. - Using `--path a/b=FOO` will inject the following environment variables: FOO_C_USERNAME and FOO_C_PASSWORD - Using `--path a/b/c=FOO` will inject the following environment variables: FOO_USERNAME and FOO_PASSWORD - Using `--path a/b/c:username=FOO` will inject `FOO=me` in the environment. + Using `--envvar a/b=FOO` will inject the following environment variables: FOO_C_USERNAME and FOO_C_PASSWORD + Using `--envvar a/b/c=FOO` will inject the following environment variables: FOO_USERNAME and FOO_PASSWORD + Using `--envvar a/b/c:username=FOO` will inject `FOO=me` in the environment. """ envvars = list(envvar) or [] files = list(file) or []