Merge branch 'adrienkohlbecker:master' into master

Author: ashansk

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2
 jobs:
   build:
     docker:
-      - image: golang:1.11
+      - image: golang:1.16
     working_directory: /go/src/github.com/adrienkohlbecker/ejson-kms
     environment:
       TEST_RESULTS: /tmp/test-results

CHANGELOG.md

@@ -1,29 +1,38 @@
+# 4.3.0 - August 22nd, 2021
+
+* Added `bash-ifnotset` and `bash-ifempty` formatters
+
+# 4.2.0 - August 22nd, 2021
+
+* Switched to go modules and go 1.16
+* Added darwin/linux arm64 binary
+
 # 4.1.0 - March 27th, 2019
 
-Added support for yaml files in export subcommand.
+* Added support for yaml files in export subcommand.
 
 # 4.0.0 - January 29th, 2019
 
-Vendoring go dependencies using dep rather than gvt
-Use go-errors/errors upstream rather than own fork. This is breaking change for projects using this as a library as it changes the return type of most methods from `errors.Error` to `error`.
+* Vendoring go dependencies using dep rather than gvt
+* Use go-errors/errors upstream rather than own fork. This is breaking change for projects using this as a library as it changes the return type of most methods from `errors.Error` to `error`.
 
 # 3.0.0 - October 11th, 2016
 
-Removed the `export` keyword from BASH formatter.
-This is a breaking change that provides more secure defaults. Specifically,
+* Removed the `export` keyword from BASH formatter.
+* This is a breaking change that provides more secure defaults. Specifically,
 you will need to export the environment variables yourself if your app needs
 them outside of the BASH script.
 
 # 2.0.0 - October 10th, 2016
 
-Changed BASH escaping in export, now uses single quotes and no string processing.
-This is a breaking change, but is necessary to preserve multi-line strings such
+* Changed BASH escaping in export, now uses single quotes and no string processing.
+* This is a breaking change, but is necessary to preserve multi-line strings such
 as TLS keys when using the `eval "$(ejson-kms export)"` idiom.
 
 # 1.0.1 - October 6th, 2016
 
-Fixed `echo "foo\nbar" | ejson-kms add` previously added only the first line
+* Fixed `echo "foo\nbar" | ejson-kms add` previously added only the first line
 
 # 1.0.0 - September 28th, 2016
 
-Initial release of `ejson-kms`
+* Initial release of `ejson-kms`

Gopkg.lock

@@ -1,6 +1,6 @@
 # ejson-kms
 
-[![GoDoc](https://godoc.org/github.com/adrienkohlbecker/ejson-kms?status.svg)](https://godoc.org/github.com/adrienkohlbecker/ejson-kms) [![CircleCI](https://circleci.com/gh/adrienkohlbecker/ejson-kms/tree/master.svg?style=shield)](https://circleci.com/gh/adrienkohlbecker/ejson-kms/tree/master) [![Coverage Status](https://coveralls.io/repos/github/adrienkohlbecker/ejson-kms/badge.svg?branch=master)](https://coveralls.io/github/adrienkohlbecker/ejson-kms?branch=master)
+[![GitHub release (latest by date)](https://img.shields.io/github/v/release/adrienkohlbecker/ejson-kms)](https://github.com/adrienkohlbecker/ejson-kms/releases/latest) ![GitHub downloads](https://img.shields.io/github/downloads/adrienkohlbecker/ejson-kms/total) [![GoDoc](https://godoc.org/github.com/adrienkohlbecker/ejson-kms?status.svg)](https://godoc.org/github.com/adrienkohlbecker/ejson-kms) [![CircleCI](https://circleci.com/gh/adrienkohlbecker/ejson-kms/tree/master.svg?style=shield)](https://circleci.com/gh/adrienkohlbecker/ejson-kms/tree/master) [![Coverage Status](https://coveralls.io/repos/github/adrienkohlbecker/ejson-kms/badge.svg?branch=master)](https://coveralls.io/github/adrienkohlbecker/ejson-kms?branch=master)
 
 `ejson-kms` is a utility for managing a collection of secrets in source control using AWS KMS.
 
@@ -131,10 +131,10 @@ The binaries are signed using the GPG key `C248DE6357445D6302F9A62E74BFD03C20CC2
 You can install `ejson-kms` on Linux with the following:
 
 ```bash
-export EJSON_KMS_VERSION="4.1.0"
+export EJSON_KMS_VERSION="4.2.0"
 curl -Lo ejson-kms https://github.com/adrienkohlbecker/ejson-kms/releases/download/$EJSON_KMS_VERSION/ejson-kms-$EJSON_KMS_VERSION-linux-amd64
 curl -Lo ejson-kms.asc https://github.com/adrienkohlbecker/ejson-kms/releases/download/$EJSON_KMS_VERSION/ejson-kms-$EJSON_KMS_VERSION-linux-amd64.asc
-gpg --keyserver ha.pool.sks-keyservers.net --recv-keys C248DE6357445D6302F9A62E74BFD03C20CC21AF
+gpg --keyserver keyserver.ubuntu.com --recv-keys C248DE6357445D6302F9A62E74BFD03C20CC21AF
 gpg --verify ejson-kms.asc
 chmod +x ejson-kms
 ```

Gopkg.toml

@@ -11,5 +11,7 @@ SHA1=$(git rev-parse HEAD)
 git tag --sign --local-user="0x20CC21AF" --annotate --message "$VERSION" "$VERSION" HEAD
 
 VERSION=$VERSION SHA1=$SHA1 GOOS=darwin GOARCH=amd64 bin/build
+VERSION=$VERSION SHA1=$SHA1 GOOS=darwin GOARCH=arm64 bin/build
 VERSION=$VERSION SHA1=$SHA1 GOOS=linux GOARCH=amd64 bin/build
+VERSION=$VERSION SHA1=$SHA1 GOOS=linux GOARCH=arm64 bin/build
 VERSION=$VERSION SHA1=$SHA1 GOOS=windows GOARCH=amd64 bin/build

README.md

@@ -16,10 +16,13 @@ export: Export a secrets file in it's decrypted form.
 Each secret in the file will be decrypted and output to standard out.
 A number of formats are available:
 
-  * bash:   SECRET='password'
-  * dotenv: SECRET="password"
-  * json:   { "secret": "password" }
-  * yaml:   secret: password
+  * bash:          SECRET='password'
+  * dotenv:        SECRET="password"
+  * json:          { "secret": "password" }
+  * yaml:          secret: password
+  * bash-ifnotset: : ${SECRET='password'}
+  * bash-ifempty:  : ${SECRET:='password'}
+  
 
 Please be careful when exporting your secrets, do not save them to disk!
 `
@@ -44,7 +47,7 @@ func exportCmd() *cobra.Command {
 	)
 
 	cmd.Flags().StringVar(&storePath, "path", storePath, "path of the secrets file")
-	cmd.Flags().StringVar(&format, "format", format, "format of the generated output (bash|dotenv|json|yaml)")
+	cmd.Flags().StringVar(&format, "format", format, "format of the generated output (bash|dotenv|json|yaml|bash-ifnotset|bash-ifempty)")
 
 	cmd.RunE = func(_ *cobra.Command, args []string) error {
 

bin/release

@@ -30,3 +30,59 @@ func Bash(w io.Writer, creds <-chan Item) error {
 	return nil
 
 }
+
+// BashIfNotSet implements the Formatter interface.
+//
+// It outputs the decrypted secrets in the form:
+//
+//   : ${MY_SECRET='my value'}
+//   : ${ANOTHER_ONE='string with ''quotes'''}
+//
+// The secret names are capitalized and the no processing is done to the string
+// except replacing all `'` with `''`.
+//
+// This will set the environment variable
+// only if it has not been previously set.
+func BashIfNotSet(w io.Writer, creds <-chan Item) error {
+
+	for item := range creds {
+		key := strings.ToUpper(item.Name)
+		value := item.Plaintext
+		value = strings.Replace(value, "'", "''", -1)
+		_, err := fmt.Fprintf(w, ": ${%s='%s'}\n", key, value)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+
+}
+
+// BashIfEmpty implements the Formatter interface.
+//
+// It outputs the decrypted secrets in the form:
+//
+//   : ${MY_SECRET:='my value'}
+//   : ${ANOTHER_ONE:='string with ''quotes'''}
+//
+// The secret names are capitalized and the no processing is done to the string
+// except replacing all `'` with `''`.
+//
+// This will set the environment variable
+// only if it has not been previously set or if it is an empty string.
+func BashIfEmpty(w io.Writer, creds <-chan Item) error {
+
+	for item := range creds {
+		key := strings.ToUpper(item.Name)
+		value := item.Plaintext
+		value = strings.Replace(value, "'", "''", -1)
+		_, err := fmt.Fprintf(w, ": ${%s:='%s'}\n", key, value)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+
+}