Skip to content

feat: add list secret names tool and api for dotenv files #799

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 20, 2025
Merged

feat: add list secret names tool and api for dotenv files #799

merged 3 commits into from
Sep 20, 2025

Conversation

aaronsteers
Copy link
Contributor

@aaronsteers aaronsteers commented Sep 20, 2025
edited by coderabbitai bot
Loading

image

Summary by CodeRabbit

  • New Features
    • List available secret names from .env files without exposing secret values, improving visibility during setup and troubleshooting.
    • Aggregate and group environment variable names by each .env file to simplify discovery and management of secrets across multiple sources.
    • Expose this discovery capability in local tooling to make dotenv-based secrets easier to find and inspect.

Important

Auto-merge enabled.

This PR is set to merge automatically when all requirements are met.

@github-actions GitHub Actions
Copy link

👋 Greetings, Airbyte Team Member!

Here are some helpful tips and reminders for your convenience.

Testing This PyAirbyte Version

You can test this version of PyAirbyte using the following:

# Run PyAirbyte CLI from this branch:
uvx --from 'git+https://github.com/airbytehq/PyAirbyte.git@aj/feat/list-dotenv-secret-keys' pyairbyte --help

# Install PyAirbyte from this branch for development:
pip install 'git+https://github.com/airbytehq/PyAirbyte.git@aj/feat/list-dotenv-secret-keys'

Helpful Resources

PR Slash Commands

Airbyte Maintainers can execute the following slash commands on your PR:

  • /fix-pr - Fixes most formatting and linting issues
  • /poetry-lock - Updates poetry.lock file
  • /test-pr - Runs tests with the updated PyAirbyte

Community Support

Questions? Join the #pyairbyte channel in our Slack workspace.

📝 Edit this welcome message.

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 20, 2025
edited
Loading

📝 Walkthrough

Walkthrough

Adds DotenvSecretManager.list_secrets_names() and a new helper list_dotenv_secrets() that discovers DotenvSecretManager instances, reads each manager's dotenv keys, and returns a mapping from dotenv filename to list of secret names. The helper is exported via register_local_ops_tools.

Changes

Cohort / File(s) Change summary
Dotenv secret manager
airbyte/secrets/env_vars.py		 Added DotenvSecretManager.list_secrets_names(self) -> list[str] which reads dotenv_values from the manager's dotenv_path and returns the list of keys present in that .env file.
Local ops helper & registration
airbyte/mcp/_local_ops.py		 Added public helper list_dotenv_secrets() -> dict[str, list[str]] that iterates configured secret sources, selects DotenvSecretManager instances with a defined dotenv_path, calls list_secrets_names() for each, and builds a mapping of dotenv filename → secret key list. Imported DotenvSecretManager and exposed the helper via register_local_ops_tools.

Sequence Diagram(s)

sequenceDiagram
    participant Caller as Caller
    participant Locator as secret sources
    participant DM as DotenvSecretManager
    Note over Caller,Locator: Caller invokes list_dotenv_secrets()
    Caller->>Locator: get secret sources
    loop for each source
        Locator->>DM: identify DotenvSecretManager instances
        alt has dotenv_path
            DM->>DM: list_secrets_names() reads dotenv_values
            DM-->>Caller: return list of keys
        else no dotenv_path
            DM-->>Caller: skip
        end
    end
    Note over Caller: returns dict(filename -> [keys])
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Would you like a short unit-test checklist for these additions, wdyt?

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title "feat: add list secret names tool and api for dotenv files" accurately reflects the primary change in the changeset by describing that a feature was added to list secret names and that it targets dotenv files via both a tool and an API; it is concise and focused enough for a reviewer scanning history to understand the main purpose without extraneous detail.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch aj/feat/list-dotenv-secret-keys

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot requested changes Sep 20, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
airbyte/secrets/env_vars.py (1)

66-71: Harden .env parsing and return a stable order (optional: rename to list_secret_names)

To keep behavior consistent with get_secret() (which swallows parse/missing-file errors) and to make outputs deterministic for tests/UI, could we wrap parsing in try/except and sort the keys? Also, would you consider the singular form list_secret_names for readability, then update callers, wdyt?

Apply this diff:

-    def list_secrets_names(self) -> list[str]:
-        """List all secrets available in the .env file."""
-        dotenv_vars: dict[str, str | None] = dotenv_values(
-            dotenv_path=self.dotenv_path,
-        )
-        return list(dotenv_vars.keys())
+    def list_secrets_names(self) -> list[str]:
+        """List all secret variable names available in the .env file (names only, no values)."""
+        try:
+            dotenv_vars: dict[str, str | None] = dotenv_values(
+                dotenv_path=self.dotenv_path,
+            )
+        except Exception:
+            # Can't locate or parse a .env file; align with get_secret() behavior
+            return []
+        return sorted(dotenv_vars.keys())

If you prefer the rename, here’s the alternative within this file:

-    def list_secrets_names(self) -> list[str]:
+    def list_secret_names(self) -> list[str]:

And the corresponding call-site update is proposed in airbyte/mcp/_local_ops.py below.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7b3406e and c9fccb3.

📒 Files selected for processing (2)
  • airbyte/mcp/_local_ops.py (2 hunks)
  • airbyte/secrets/env_vars.py (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
airbyte/mcp/_local_ops.py (2)
airbyte/secrets/env_vars.py (3)
  • DotenvSecretManager (31-71)
  • name (37-41)
  • list_secrets_names (66-71)
airbyte/secrets/config.py (1)
  • _get_secret_sources (16-32)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: Pytest (All, Python 3.11, Windows)
  • GitHub Check: Pytest (All, Python 3.11, Ubuntu)
  • GitHub Check: Pytest (All, Python 3.10, Ubuntu)
  • GitHub Check: Pytest (All, Python 3.10, Windows)
  • GitHub Check: Pytest (No Creds)
  • GitHub Check: Pytest (Fast)
🔇 Additional comments (1)
airbyte/mcp/_local_ops.py (1)

18-18: Import looks good

Importing DotenvSecretManager here is appropriate for the type check in the new helper. LGTM.

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 20, 2025
edited
Loading

PyTest Results (Fast Tests Only, No Creds)

301 tests  ±0   301 ✅ ±0   4m 46s ⏱️ +16s
  1 suites ±0     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 1010b46. ± Comparison against base commit 7b3406e.

♻️ This comment has been updated with latest results.

@aaronsteers aaronsteers enabled auto-merge (squash) September 20, 2025 07:18
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 20, 2025
edited
Loading

PyTest Results (Full)

364 tests  ±0   348 ✅ ±0   21m 32s ⏱️ -18s
  1 suites ±0    16 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 1010b46. ± Comparison against base commit 7b3406e.

♻️ This comment has been updated with latest results.

coderabbitai[bot]
coderabbitai bot reviewed Sep 20, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (3)
airbyte/mcp/_local_ops.py (3)

188-200: Harden + make output deterministic (sort + guard errors).

Could we sort the names and guard against dotenv parsing errors so callers get stable, non-throwing results, wdyt?

Apply this diff:

 def list_dotenv_secrets() -> dict[str, list[str]]:
-    """List all environment variable names declared within declared .env files.
-
-    This returns a dictionary mapping the .env file name to a list of environment
-    variable names. The values of the environment variables are not returned.
-    """
+    """List environment variable names declared in configured .env files.
+
+    Returns: mapping of absolute .env file path -> sorted list of variable names (names only; no values).
+    """
     result: dict[str, list[str]] = {}
     for secrets_mgr in _get_secret_sources():
         if isinstance(secrets_mgr, DotenvSecretManager) and secrets_mgr.dotenv_path:
-            result[str(secrets_mgr.dotenv_path.resolve())] = secrets_mgr.list_secrets_names()
+            key = str(secrets_mgr.dotenv_path.resolve())
+            try:
+                names = secrets_mgr.list_secrets_names()
+            except Exception:
+                names = []
+            result[key] = sorted(names)
 
     return result

189-193: Docstring mismatch with behavior.

Doc says “file name” but the key is an absolute path; also phrasing repeats “declared”. Mind updating to reflect absolute paths and simplify wording, wdyt?

Apply this docstring-only diff if you prefer a minimal change:

-    """List all environment variable names declared within declared .env files.
-
-    This returns a dictionary mapping the .env file name to a list of environment
-    variable names. The values of the environment variables are not returned.
-    """
+    """List environment variable names declared in configured .env files.
+
+    Returns a mapping of absolute .env file path to a list of variable names (names only; no values).
+    """

194-199: Check comfort level with exposing absolute paths.

Using absolute paths as keys can surface local usernames or workspace structure in UIs/logs. Is that acceptable for this tool, or should we consider masking (e.g., Path.name, relative-to-CWD, or a “display_name” field) while keeping the absolute path in a separate “path” field, wdyt?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dbf1e3e and 1010b46.

📒 Files selected for processing (1)
  • airbyte/mcp/_local_ops.py (3 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
airbyte/mcp/_local_ops.py (2)
airbyte/secrets/env_vars.py (2)
  • DotenvSecretManager (31-71)
  • list_secrets_names (66-71)
airbyte/secrets/config.py (1)
  • _get_secret_sources (16-32)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: Pytest (All, Python 3.11, Ubuntu)
  • GitHub Check: Pytest (All, Python 3.11, Windows)
  • GitHub Check: Pytest (All, Python 3.10, Ubuntu)
  • GitHub Check: Pytest (All, Python 3.10, Windows)
  • GitHub Check: Pytest (No Creds)
  • GitHub Check: Pytest (Fast)
🔇 Additional comments (2)
airbyte/mcp/_local_ops.py (2)

18-18: LGTM: needed import added.

Importing DotenvSecretManager enables the isinstance guard below; looks good.

691-691: Approve: list_dotenv_secrets registered

list_dotenv_secrets is defined (airbyte/mcp/_local_ops.py:188) and registered in register_local_ops_tools (airbyte/mcp/_local_ops.py:691); no occurrences of the old name list_dotenv_secret_names remain — wdyt?

@aaronsteers aaronsteers merged commit 1b341de into main Sep 20, 2025
22 checks passed
@aaronsteers aaronsteers deleted the aj/feat/list-dotenv-secret-keys branch September 20, 2025 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

@davinchia davinchia Awaiting requested review from davinchia

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aaronsteers