Skip to content

Rewrite the tool from scratch with nicer name (a8c-secrets) and CLI API (v1) #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 27 commits into
base: delete-everything-and-start-fresh
Choose a base branch
from
Draft

Rewrite the tool from scratch with nicer name (a8c-secrets) and CLI API (v1) #29

wants to merge 27 commits into from

Conversation

@AliSoftware
Copy link

@AliSoftware AliSoftware commented Oct 31, 2025

See: AINFRA-882

What?

This is a brand new implementation of a a8c-secrets tool I vibe-coded with Claude and Cursor some time ago

Why?

The goal of this fresh implementation was to provide a better and more intelligible name and API for the tool (given how confusing the API of configure with configure apply / configure update is and have been confusing most of us many times).

How?

This implementation still relies on the ~/.mobile-secrets repo as a backing store though, so the high-level concepts and ways of working are still very similar to the original configure, with the key differences being:

  • The name of the tool is a8c-secrets
  • The subcommand names are simpler and clearer in intent (a8c-secrets setup, a8c-secrets decrypt, a8c-secrets encrypt
  • The directory in which the encrypted files are stored in the repo is named .a8c-secrets/ instead of .configure-files
  • The .configure JSON file is now replaced by a .a8c-secrets/config.yaml file (which is now inside the .a8c-secrets/ directory instead of being a sibling like .configure vs .configure-files/ files were)
  • The .a8c-secrets/config.yaml file is intended to be manually edited when ones wants to add/remove/change the list and locations of secret files needing to be encrypted/decrypted—as opposed to how configure had complex dedicated subcommands like configure_add / configure_update that added to the confusion.

What's Next

Idea 1: a8c-secrets tool without needing a ~/.mobile-secrets repo

After discussing about the topic of secret files in our repos at our Prague team meetup, we settled with the idea that the future tool we want to replace configure should actually even change the way it's working internally to not rely on the ~/.mobile-secrets repo at all anymore (and instead always encrypt/decrypt files using the shared symmetric encryption key of that repo, that devs could have set up as an env var on their machines to decrypt files locally just like CI already does)

That would completely eliminate the need for having a separate ~/.mobile-secrets repo (which also has the drawback of containing all the secrets of all the repos, instead of only the secrets of repos a given dev is supposed to have access to) and simplify the way to use such tool even more.

Idea 2: Use existing tool instead of re-inventing the wheel

Since that discussion though, I pondered that we probably were not the first ones to have this need, and that there sure could already exist similar tools in the wild.

A quick search led me to transcrypt for example, which seems to be a very interesting candidate, especially as it would make the encryption/decryption totally transparent (using git filters to encrypt the files on commit/push and decrypt them on the fly on checkout). To be continued.

@AliSoftware
Initial setup
a440e8d
@AliSoftware
Simplify help
140e3cf
@AliSoftware
Reorder functions + improve example config
0ecc99e
@AliSoftware
Add check for file being git-ignored
3cc6a6f 
+ cargo fmt the code
@AliSoftware
Ensure destination is git-ignored during both commands
f381c76
@AliSoftware
Check mobile-secrets is up-to-date during update
be02444
@AliSoftware
Rename subcommands
7d26f83 
 - `update` -> `encrypt`
 - `apply` -> `decrypt`
@AliSoftware
Improve wording of some docs and logs
8a3c887
@AliSoftware
Split utils.rs into 3 modules instead
dd21616 
For better code organization
@AliSoftware
Small rename
a81d6d4
@AliSoftware
lint-fix
333cc6a
@AliSoftware
make fmt
023059a
@AliSoftware
Clean up Makefile
167322d
@AliSoftware
fix: address insecure YAML parsing in encryption keys file
d7d6e3f 
- Replace unwrap_or_default() with proper error handling for YAML parsing
- Fail explicitly with descriptive error messages when YAML is invalid
- Prevent silent failures that could mask security-critical file corruption
@AliSoftware
fix: handle detached HEAD state in mobile-secrets repository
39a80a2 
- Add validation to detect when ~/.mobile-secrets is in detached HEAD state
- Extract duplicated validation logic into private helper function
- Provide clear error message with instructions to fix the issue
- Prevent cryptic failures when repository is not on a proper branch
- Apply fix to both get_mobile_secrets_head_sha1 and check_mobile_secrets_up_to_date functions
@AliSoftware
Use constants for crypto parameters
6f05b95
@AliSoftware
refactor: standardize error messages across the codebase
a24601c 
- Improve error messages to be more descriptive and actionable
- Add context and suggestions to simple error messages
- Use consistent formatting with multi-line messages for complex errors
@AliSoftware
fix: address potential panic with to_string_lossy()
bfd8134 
- Replace to_string_lossy() with to_str() and proper error handling
- Add validation for UTF-8 characters in filenames
- Provide clear error messages when filenames contain invalid UTF-8
- Prevent potential panics when processing files with non-UTF-8 names
@AliSoftware
feat: add source path validation for security
8183c63 
- Add validate_source_path function to paths.rs module
- Validate source paths are relative to ~/.mobile-secrets (not absolute)
- Prevent path traversal attacks by blocking '..' in source paths
- Check that source files exist and are actually files (not directories)
- Integrate validation into encrypt command
- Keep existing detailed error messages for file operations
@AliSoftware
feat: add structured logging and verbose mode
586e9d4 
- Add tracing and tracing-subscriber dependencies for structured logging
- Add --verbose/-v global flag to CLI for debug-level logging
- Initialize logging with appropriate level based on verbose flag
- Add debug and info logging throughout commands
- Log command start/completion and key operations
- Provide better debugging capabilities for troubleshooting
@AliSoftware
Allow prompt about not on latest .mobile-secrets to be skipped
dfb6de5 
In preparation for unit tests needing to bypass interactive prompt
@AliSoftware
Annotate generate_encryption_key with #[must_use]
35169df
@AliSoftware
Add unit + integration tests
d68b1c7
@AliSoftware
Improve code documentation of lib.rs
af19b86 
 - Around Config/SecretFileEntry structs
 - Around constants
@AliSoftware
Support tilde in destination paths
c9044a8
@AliSoftware
Fix tests
bd59e7d 
Especially now allow the various implementations to take the repo to operate on as a parameter, so that in real world use case we'd still inject the `current_dir()` to those calls, but during tests we can inject a `tempdir()` to isolate the tests to temp directories and avoid having them pollute the current folder they're run from or interact with each others.
@AliSoftware
Add AI-generated README
b17a1ab
@AliSoftware AliSoftware changed the title A8c secrets v1 Rewrite the tool from scratch with nicer name (a8c-secrets) and CLI API (v1) Oct 31, 2025
@AliSoftware
Copy link
Author

AliSoftware commented Oct 31, 2025

cc @wzieba as you wanted to take a look at the code 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AliSoftware