Merge pull request #23 from jkroepke/name-secret-yaml

Remove secret file name restriction

Author: jkroepke

CHANGELOG.md

@@ -7,7 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
+* Add Vault support (https://github.com/jkroepke/helm-secrets/pull/22)
 * Secret driver to gain secrets from other sources then sops. (https://github.com/jkroepke/helm-secrets/pull/16)
+* Remove name restriction (https://github.com/jkroepke/helm-secrets/pull/23)
 
 ### Changed
 

USAGE.md

@@ -22,6 +22,8 @@ Available Commands:
 
 By convention, files containing secrets are named `secrets.yaml`, or anything beginning with "secrets" and ending with ".yaml". E.g. `secrets.test.yaml`, `secrets.prod.yaml` `secretsCOOL.yaml`.
 
+**But unlike zendesk/helm-secrets, you can name your secret file as you want**
+
 Decrypted files have the suffix ".yaml.dec" by default. This can be changed using the `HELM_SECRETS_DEC_SUFFIX` environment variable.
 
 ## Basic commands:

scripts/commands/clean.sh

@@ -27,5 +27,5 @@ clean() {
         exit 1
     fi
 
-    find "$basedir" -type f -name "secrets*${DEC_SUFFIX}" -exec rm -v {} \;
+    find "$basedir" -type f -name "*${DEC_SUFFIX}" -exec rm -v {} \;
 }

scripts/commands/helm.sh

@@ -10,7 +10,7 @@ helm_command_usage() {
 helm secrets $1 [ --driver <driver> | -d <driver> ] [ --quiet | -q ]
 
 This is a wrapper for "helm [command]". It will detect -f and
---values options, and decrypt any secrets*.yaml files before running "helm
+--values options, and decrypt any encrypted *.yaml files before running "helm
 [command]".
 
 Example:

scripts/commands/view.sh

@@ -6,7 +6,7 @@ view_usage() {
     cat <<EOF
 helm secrets view [ --driver <driver> | -d <driver> ] <path to file>
 
-View specified secrets[.*].yaml file
+View specified encrypted yaml file
 
 Typical usage:
   $ helm secrets view secrets/myproject/nginx/secrets.yaml | grep basic_auth

scripts/drivers/noop.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env sh
 
 driver_is_file_encrypted() {
-    false
+    true
 }
 
 driver_encrypt_file() {

scripts/run.sh

@@ -36,7 +36,7 @@ Available Commands:
   view    Print secrets decrypted
   edit    Edit secrets file and encrypt afterwards
   clean   Remove all decrypted files in specified directory (recursively)
-  <cmd>   wrapper that decrypts secrets[.*].yaml files before running helm <cmd>
+  <cmd>   wrapper that decrypts encrypted yaml files before running helm <cmd>
 
 EOF
 }

tests/assets/values/noop/some-secrets.yaml

@@ -0,0 +1,22 @@
+global_secret: global_bar
+key: |-
+    -----BEGIN PGP MESSAGE-----
+
+    wcFMAxYpv4YXKfBAARAAVzE7/FMD7+UWwMls23zKKLoTs+5w9GMvugn0wi5KOJ8P
+    PSrRY4r27VhwQH38gWDrzo3RCmO9414xZ0JW0HaN2Pgd3ml6mYCY/5RE7apgGZQI
+    3Im0fv8bhIwaP2UWPp74EXLzA3mh1dUtwxmuWOeoSq+Vm5NtbjkfUt/4MIcF5IAY
+    c+U4ZOdQlzgExwu+VtOpeBrkwfglh5fFuKqM8Fg1IICi/Pp6YAlpAdGqlt1zS4Pj
+    yjAS6eAvnpM0eA5hShuoO9JsAu4kVjaaBlipVpc1I2zdcT3H/1d7ASziwbKOm6jE
+    PJxzaMDxn0UfMjkhTaTZ8v27lz6W7qdlHdCWGGI348QkSoDotm7OzMC7ZLfps3+9
+    GrXo9Kwxkj6oy/thn92W2cRSeSD28g6kcUkHeG8L3mMv+gpTjIhM+Z8x3jJcVp2i
+    yoA2dO/kO2/HTcUfnEjppKigqUlRuKfDn8ercjYiq+foqtimH192iXXyRmltYlH0
+    GUSJ1FcNLAC9g0WLFPQnMFh5KxSweavpbdd6PILqEsyKvZpC5a+hzLKwGjWOveW1
+    K34QZf6Ay3CPCegAyGVjxmsg1vPKD+9WAZinveCl37l3cCQW1VZzbGkHgtLQ30Qr
+    DCRFZEstraLAQUf6VLAk9bPYX/fvkXmra970i/CfJjIg0SpOXbADBR4x+zRRZqrS
+    4AHkWTmhH/xXWyAgmh+sGs18OOFGfeC04AjhMmvg4uKzly6+4IDlNhPif2VpJYOi
+    EmU8gQoUsAHKYro0hPfzBZyJlL+TqCPgHeRPANVgm4Ww6RlVrNFpTy9H4m4s5y/h
+    EzAA
+    =jf7D
+    -----END PGP MESSAGE-----
+service:
+    port: 83

tests/assets/values/sops/some-secrets.dec.yaml

@@ -0,0 +1,23 @@
+global_secret: global_bar
+key: |-
+    -----BEGIN PGP MESSAGE-----
+
+    wcFMAxYpv4YXKfBAARAAVzE7/FMD7+UWwMls23zKKLoTs+5w9GMvugn0wi5KOJ8P
+    PSrRY4r27VhwQH38gWDrzo3RCmO9414xZ0JW0HaN2Pgd3ml6mYCY/5RE7apgGZQI
+    3Im0fv8bhIwaP2UWPp74EXLzA3mh1dUtwxmuWOeoSq+Vm5NtbjkfUt/4MIcF5IAY
+    c+U4ZOdQlzgExwu+VtOpeBrkwfglh5fFuKqM8Fg1IICi/Pp6YAlpAdGqlt1zS4Pj
+    yjAS6eAvnpM0eA5hShuoO9JsAu4kVjaaBlipVpc1I2zdcT3H/1d7ASziwbKOm6jE
+    PJxzaMDxn0UfMjkhTaTZ8v27lz6W7qdlHdCWGGI348QkSoDotm7OzMC7ZLfps3+9
+    GrXo9Kwxkj6oy/thn92W2cRSeSD28g6kcUkHeG8L3mMv+gpTjIhM+Z8x3jJcVp2i
+    yoA2dO/kO2/HTcUfnEjppKigqUlRuKfDn8ercjYiq+foqtimH192iXXyRmltYlH0
+    GUSJ1FcNLAC9g0WLFPQnMFh5KxSweavpbdd6PILqEsyKvZpC5a+hzLKwGjWOveW1
+    K34QZf6Ay3CPCegAyGVjxmsg1vPKD+9WAZinveCl37l3cCQW1VZzbGkHgtLQ30Qr
+    DCRFZEstraLAQUf6VLAk9bPYX/fvkXmra970i/CfJjIg0SpOXbADBR4x+zRRZqrS
+    4AHkWTmhH/xXWyAgmh+sGs18OOFGfeC04AjhMmvg4uKzly6+4IDlNhPif2VpJYOi
+    EmU8gQoUsAHKYro0hPfzBZyJlL+TqCPgHeRPANVgm4Ww6RlVrNFpTy9H4m4s5y/h
+    EzAA
+    =jf7D
+    -----END PGP MESSAGE-----
+service:
+    port: 83
+

tests/assets/values/sops/some-secrets.yaml

@@ -0,0 +1,28 @@
+global_secret: ENC[AES256_GCM,data:QSuqKj9jUft+Ug==,iv:CXfhR2O5l6IF8KI5SSDxMiWQ7kghfHHb1wASAJ7JMPw=,tag:g/n7/KeltD1ODvolNCLD1w==,type:str]
+key: ENC[AES256_GCM,data:9nAQWTLrA71vJ82ebiEWOP/bt3B3AjCllGRiAU1szxcN95papkFeNRl3mBJT0fqhbsMD/B3hmO+kRbxxzoDAezXI0gDIrlo9fyxoSwzsRxYBzHqg4USFs6iI+THFQLkxDaCu45Ku2cxksdBTBFpswkyk0ZBFhASLfT59GhWji4+n19MXPwb0tyGiCyIpgteXBA7FdMCiLc4ZRTZechZVpvfu1EJf5UgDT39dBAn9+Rwn0oQpDKTHij908VLsH18XcCgISYnixyoShqQxtmFbLipi1Blzs5zqgYFE7BbZ6ZgdCm69/WSXBiLabG+KYMPeEYXI6IRMbf+5qteWqEriRLmjKKbRFRjIdPI3+6ysySje0xYSUHOD3YjpzzeiQPT0OqzPJ/H7LZAO+/MUhel7h83HxzWYR33ieJLE/MghpQYN4zPgqzK4XQpb5ERHtpGrXSbzcSIcICTDrlNf9T7r3SzmHXulUMAIx/AH0s3Kyuv0BzUKWYNNgwj9j99FxofQsdJHx16qph0vu7y1iKu9/Jy89rPWn/LOh8llCGztQj+TXygnUyUfMHXMBAe0X+abCu7WcWuij9ow+adA9HxCA8ezue1pPPDoPTk0OnM7FUxVdgLgEBZu0gEl3jkhVEhouLIka08fE6eJL/iNmepqFb+x815pPVVsJkDDeKxjxt+YwAYgm3BX+ZZdLZVtg93AIEPUeBgZRGw4bYQWvsKwmC8zZhLvMsyX4NwKTj+gViXsCrSv92i1epZZwrzj+xszExz3k3633VdwMOqNtK0/c9GhzSNSktkw9yKMSGTEp4O8TYepovjM/Vei0M9FQ0+rQfLEaRyPMeCIhysh2ggXxIWr5kQdEH3KCIm1aJDRA9QVOvUeXcenfN7x9pG9mqMNkumVu4ops4rDCOy/NlSvJW+n7vk+wHqSIKtwWZxNX+HRQgSmHZmvQS8IEyK5vQOxD8rQD2Er+w6Io6PvLm2F1Op1mV7ea+Lvg2pStFkQVCgRP/TbejN7gNBEsNTkel1D1uEgT2wvN+j2iFvNyEhUFUylaeUBYmDHJ9ZjQqJ2/3QZzR2yN2i+HN9sVZGdHm6bBH08GtDmjliqh8CKRjh0OMJfCZ1ZcoSBz1/m0E5zAZl3ZMuTDZaW70QsO4FoxA0oUqD14c4nxhqL3B9SxA6ErrYWY1+j3vo/ws6sBzWWzLXC59SwlwMg3PytxNWLpw==,iv:w0KBImdBsS63co+HyQVOYOxOFI/tLeRYnr+L+lCcNo8=,tag:ReQ99Km7LDQwEnlN/ppmxg==,type:str]
+service:
+    port: ENC[AES256_GCM,data:KVc=,iv:chJgrn3o4I9D8njAeHPJRfVehfYpOcIWdcVfODvUDp8=,tag:KQH65Yuys5EuzyYJzER/cg==,type:int]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    lastmodified: '2020-05-06T21:50:37Z'
+    mac: ENC[AES256_GCM,data:ZDosePjT2f1T172mFm/zb6znA/uhv3e5cNrlC9krjRXtLBw8GWwn6Zd7OgJ2h38cDuaLpvl56uGmdCSx0rVzRZUwMfkrbQLHOLnwkxeKEPPqhqsKCVIcuHNwlkrTpVfIlfFy4zAiA4UdoSWZtMY2HdA6Ol/D5HZDqQCYSUbWpV0=,iv:V9O/qgUN4PGDB30QKi1A6DYW0Fb9AVfWmzAnRexyzKw=,tag:TBl02haJuEbBd0PYyXEPKQ==,type:str]
+    pgp:
+    -   created_at: '2020-05-06T20:54:30Z'
+        enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMA9ce5qCwOO4MAQgAhLFu+zlo/fPrfAVGeQVEIEttihpMzo7CSRJDGYqSqgOO
+            g/NbA/hDVWkE9jzGnxDY01W9RR4FOss+yd1SHlNzsPDDfkXi8e2PA8tNR6XKyoSq
+            aCMYE4TP8JnH2hplxWucib5va2EUkgwAF+86I/ISlMLIXqeVE6xKJAuGcPQ8UwDG
+            YUO5KzcLF8oTyoRGxvakIiCAfCWrzz7wBkT8KG5t8pQvucTtvzOpiexRL/9OU+SA
+            Spgp8WPds+A9WArkLVQ7lcZhI0XiMxITmZdBgXGIG+1pMoGjajXUk2SA5FXeHkgH
+            kgfAhsDlEI3mfSwYMwuFP5/659Wl3gWkMIlTpfBY2NJeAUeCmOKYRwTHR8UFa2Gg
+            wF7wB+aj71S6v4kO932ZFHNNL0JS8OGqg/IigOhgjIC/7ozHehhKNIxCUre2g1Ws
+            dj7U81vziuDuH/sOrgwYdqfQHa6ytoomZbiYLQl4wg==
+            =5Jl6
+            -----END PGP MESSAGE-----
+        fp: D6174A02027050E59C711075B430C4E58E2BBBA3
+    unencrypted_suffix: _unencrypted
+    version: 3.5.0