package commands
import (
"errors"
"fmt"
"strings"
"github.com/spf13/cobra"
"github.com/docker/mcp-gateway/cmd/docker-mcp/internal/docker"
"github.com/docker/mcp-gateway/cmd/docker-mcp/secret-management/secret"
)
// setSecretExample is the help text used as the Example of the "secret" and
// "secret set" commands; surrounding newlines are trimmed where it is used.
//
// NOTE(review): the first example passes the secret value as a command-line
// argument. Arguments typically end up in shell history and are visible in
// the process list while the command runs. The STDIN form keeps the value out
// of this command's arguments, but the example still creates pwd.txt with
// echo, which leaves the value in shell history and in a plain file. Consider
// rewording the help text so the STDIN form is shown first and is fed from a
// source that does not echo the value.
const setSecretExample = `
### Use secrets for postgres password with default policy
> docker mcp secret set POSTGRES_PASSWORD=my-secret-password
> docker run -d -l x-secret:POSTGRES_PASSWORD=/pwd.txt -e POSTGRES_PASSWORD_FILE=/pwd.txt -p 5432 postgres
### Pass the secret via STDIN
> echo my-secret-password > pwd.txt
> cat pwd.txt | docker mcp secret set POSTGRES_PASSWORD
`
// secretCommand builds the "secret" parent command and registers its
// subcommands: rm, ls, set and the hidden export command.
//
// The docker client is only handed on to the export subcommand.
func secretCommand(docker docker.Client) *cobra.Command {
	root := &cobra.Command{
		Use:     "secret",
		Short:   "Manage secrets",
		Example: strings.Trim(setSecretExample, "\n"),
	}
	root.AddCommand(
		rmSecretCommand(),
		listSecretCommand(),
		setSecretCommand(),
		exportSecretCommand(docker),
	)
	return root
}
// rmSecretCommand builds "secret rm", which passes the given names and the
// --all flag to secret.Remove after validateRmArgs has accepted them.
//
// NOTE(review): names and --all can be supplied together; how secret.Remove
// treats that combination is not visible here — confirm it cannot remove more
// than the caller intended.
func rmSecretCommand() *cobra.Command {
	var opts secret.RmOpts

	run := func(c *cobra.Command, names []string) error {
		if err := validateRmArgs(names, opts); err != nil {
			return err
		}
		return secret.Remove(c.Context(), names, opts)
	}

	cmd := &cobra.Command{
		Use:   "rm name1 name2 ...",
		Short: "Remove secrets from Docker Desktop's secret store",
		RunE:  run,
	}
	cmd.Flags().BoolVar(&opts.All, "all", false, "Remove all secrets")
	return cmd
}
// validateRmArgs rejects an "rm" invocation that neither names a secret nor
// sets --all, so a bare "rm" is refused instead of being passed on.
func validateRmArgs(args []string, opts secret.RmOpts) error {
	if opts.All || len(args) > 0 {
		return nil
	}
	return errors.New("either provide a secret name or use --all to remove all secrets")
}
// listSecretCommand builds "secret ls". It accepts no positional arguments
// and delegates to secret.List; --json sets the JSON option.
func listSecretCommand() *cobra.Command {
	var opts secret.ListOptions

	cmd := &cobra.Command{
		Use:   "ls",
		Short: "List all secret names in Docker Desktop's secret store",
		Args:  cobra.NoArgs,
	}
	cmd.RunE = func(c *cobra.Command, _ []string) error {
		return secret.List(c.Context(), opts)
	}
	cmd.Flags().BoolVar(&opts.JSON, "json", false, "Print as JSON.")
	return cmd
}
// setSecretCommand builds "secret set key[=value]", which stores exactly one
// secret through secret.Set.
//
// The provider flag is validated first. The secret is then parsed from the
// argument when isNotImplicitReadFromStdinSyntax reports true; otherwise the
// argument is passed to secret.MappingFromSTDIN, which supplies the secret.
func setSecretCommand() *cobra.Command {
	var opts secret.SetOpts

	run := func(c *cobra.Command, args []string) error {
		if !secret.IsValidProvider(opts.Provider) {
			return fmt.Errorf("invalid provider: %s", opts.Provider)
		}

		var s secret.Secret
		switch {
		case isNotImplicitReadFromStdinSyntax(args, opts):
			parsed, err := secret.ParseArg(args[0], opts)
			if err != nil {
				return err
			}
			s = *parsed
		default:
			// Only a key was given: take the value from STDIN so it does
			// not have to appear in the command's arguments.
			fromStdin, err := secret.MappingFromSTDIN(c.Context(), args[0])
			if err != nil {
				return err
			}
			s = *fromStdin
		}
		return secret.Set(c.Context(), s, opts)
	}

	cmd := &cobra.Command{
		Use:     "set key[=value]",
		Short:   "Set a secret in Docker Desktop's secret store",
		Example: strings.Trim(setSecretExample, "\n"),
		Args:    cobra.ExactArgs(1),
		RunE:    run,
	}
	cmd.Flags().StringVar(&opts.Provider, "provider", "", "Supported: credstore, oauth/<provider>")
	return cmd
}
// isNotImplicitReadFromStdinSyntax reports whether the "set" invocation should
// be parsed from its arguments rather than read from STDIN: the first argument
// contains "=", more than one argument was given, or a provider is set.
//
// args[0] is read before the length is checked, so the caller must guarantee
// at least one argument.
func isNotImplicitReadFromStdinSyntax(args []string, opts secret.SetOpts) bool {
	switch {
	case strings.ContainsRune(args[0], '='):
		return true
	case len(args) > 1:
		return true
	default:
		return opts.Provider != ""
	}
}
// exportSecretCommand builds the hidden "secret export" command. It writes
// what secret.Export returns for the given servers to the command's output,
// one "%s=%s" line per entry.
//
// The values are written in clear text, so the output is as sensitive as the
// secrets themselves (terminal scrollback, redirected files, captured logs).
// NOTE(review): values are not quoted or escaped; a value containing a newline
// would span several lines — confirm how consumers of this output parse it.
// Write errors are deliberately ignored.
func exportSecretCommand(docker docker.Client) *cobra.Command {
	run := func(c *cobra.Command, servers []string) error {
		exported, err := secret.Export(c.Context(), docker, servers)
		if err != nil {
			return err
		}
		out := c.OutOrStdout()
		// The loop variable is named value so it does not shadow the
		// secret package.
		for name, value := range exported {
			_, _ = fmt.Fprintf(out, "%s=%s\n", name, value)
		}
		return nil
	}

	return &cobra.Command{
		Use:    "export [server1] [server2] ...",
		Short:  "Export secrets for the specified servers",
		Hidden: true,
		Args:   cobra.MinimumNArgs(1),
		RunE:   run,
	}
}