flowexec
diff --git a/‎.golangci.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.golangci.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cmd/internal/config.go‎
Lines changed: 0 additions & 3 deletions b/‎cmd/internal/config.go‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎cmd/internal/exec.go‎
Lines changed: 6 additions & 3 deletions b/‎cmd/internal/exec.go‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎cmd/internal/flags/types.go‎
Lines changed: 51 additions & 0 deletions b/‎cmd/internal/flags/types.go‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎cmd/internal/secret.go‎
Lines changed: 134 additions & 30 deletions b/‎cmd/internal/secret.go‎
Lines changed: 134 additions & 30 deletions
@@ -92,7 +92,7 @@ linters:
         text: G115
       - linters:
           - staticcheck
-        text: SA5011
+        text: (SA5011|SA5001)
       - path: (.+)\.go$
         text: declaration of "(err|ctx)" shadows declaration at
     paths:
 
@@ -92,7 +92,6 @@ func registerSetNamespaceCmd(ctx *context.Context, setCmd *cobra.Command) {
 		Aliases: []string{"ns"},
 		Short:   "Change the current namespace.",
 		Args:    cobra.ExactArgs(1),
-		PreRun:  func(cmd *cobra.Command, args []string) { printContext(ctx, cmd) },
 		Run:     func(cmd *cobra.Command, args []string) { setNamespaceFunc(ctx, cmd, args) },
 	}
 	setCmd.AddCommand(namespaceCmd)
@@ -115,7 +114,6 @@ func registerSetWorkspaceModeCmd(ctx *context.Context, setCmd *cobra.Command) {
 		Short:     "Switch between fixed and dynamic workspace modes.",
 		Args:      cobra.ExactArgs(1),
 		ValidArgs: []string{"fixed", "dynamic"},
-		PreRun:    func(cmd *cobra.Command, args []string) { printContext(ctx, cmd) },
 		Run:       func(cmd *cobra.Command, args []string) { setWorkspaceModeFunc(ctx, cmd, args) },
 	}
 	setCmd.AddCommand(workspaceModeCmd)
@@ -142,7 +140,6 @@ func registerSetLogModeCmd(ctx *context.Context, setCmd *cobra.Command) {
 		Short:     "Set the default log mode.",
 		Args:      cobra.ExactArgs(1),
 		ValidArgs: []string{"logfmt", "json", "text", "hidden"},
-		PreRun:    func(cmd *cobra.Command, args []string) { printContext(ctx, cmd) },
 		Run:       func(cmd *cobra.Command, args []string) { setLogModeFunc(ctx, cmd, args) },
 	}
 	setCmd.AddCommand(logModeCmd)
 
@@ -26,6 +26,7 @@ import (
 	"github.com/jahvon/flow/internal/services/store"
 	argUtils "github.com/jahvon/flow/internal/utils/args"
 	"github.com/jahvon/flow/internal/vault"
+	vaultV2 "github.com/jahvon/flow/internal/vault/v2"
 	"github.com/jahvon/flow/types/executable"
 )
 
@@ -156,7 +157,9 @@ func execFunc(ctx *context.Context, cmd *cobra.Command, verb executable.Verb, ar
 		}
 	}
 
-	setAuthEnv(ctx, cmd, e)
+	if ctx.Config.CurrentVault == nil || *ctx.Config.CurrentVault == vaultV2.LegacyVaultReservedName {
+		setAuthEnv(ctx, cmd, e, false)
+	}
 	startTime := time.Now()
 	eng := engine.NewExecEngine()
 	if err := runner.Exec(ctx, e, eng, envMap); err != nil {
@@ -215,8 +218,8 @@ func runByRef(ctx *context.Context, cmd *cobra.Command, argsStr string) error {
 	return nil
 }
 
-func setAuthEnv(ctx *context.Context, _ *cobra.Command, executable *executable.Executable) {
-	if authRequired(ctx, executable) {
+func setAuthEnv(ctx *context.Context, _ *cobra.Command, executable *executable.Executable, force bool) {
+	if authRequired(ctx, executable) || force {
 		form, err := views.NewForm(
 			io.Theme(ctx.Config.Theme.String()),
 			ctx.StdIn(),
 
@@ -183,3 +183,54 @@ var ParameterValueFlag = &Metadata{
 		"This will override any existing parameter values defined for the executable.",
 	Default: []string{},
 }
+
+var VaultTypeFlag = &Metadata{
+	Name:      "type",
+	Shorthand: "t",
+	Usage:     "Vault type. Either age or aes256",
+	Default:   "aes256",
+	Required:  false,
+}
+
+var VaultPathFlag = &Metadata{
+	Name:      "path",
+	Shorthand: "p",
+	Usage:     "Directory that the vault will use to store its data. If not set, the vault will be stored in the flow cache directory.",
+	Default:   "",
+	Required:  false,
+}
+
+var VaultKeyEnvFlag = &Metadata{
+	Name:     "key-env",
+	Usage:    "Environment variable name for the vault encryption key. Only used for AES256 vaults.",
+	Default:  "",
+	Required: false,
+}
+
+var VaultKeyFileFlag = &Metadata{
+	Name:     "key-file",
+	Usage:    "File path for the vault encryption key. An absolute path is recommended. Only used for AES256 vaults.",
+	Default:  "",
+	Required: false,
+}
+
+var VaultRecipientsFlag = &Metadata{
+	Name:     "recipients",
+	Usage:    "Comma-separated list of recipient keys for the vault. Only used for Age vaults.",
+	Default:  "",
+	Required: false,
+}
+
+var VaultIdentityEnvFlag = &Metadata{
+	Name:     "identity-env",
+	Usage:    "Environment variable name for the Age vault identity. Only used for Age vaults.",
+	Default:  "",
+	Required: false,
+}
+
+var VaultIdentityFileFlag = &Metadata{
+	Name:     "identity-file",
+	Usage:    "File path for the Age vault identity. An absolute path is recommended. Only used for Age vaults.",
+	Default:  "",
+	Required: false,
+}
@@ -13,7 +13,10 @@ import (
 	"github.com/jahvon/flow/internal/context"
 	"github.com/jahvon/flow/internal/io"
 	"github.com/jahvon/flow/internal/io/secret"
+	secretV2 "github.com/jahvon/flow/internal/io/secret/v2"
 	"github.com/jahvon/flow/internal/vault"
+	vaultV2 "github.com/jahvon/flow/internal/vault/v2"
+	"github.com/jahvon/flow/types/config"
 )
 
 func RegisterSecretCmd(ctx *context.Context, rootCmd *cobra.Command) {
@@ -65,10 +68,24 @@ func removeSecretFunc(ctx *context.Context, _ *cobra.Command, args []string) {
 		return
 	}
 
-	v := vault.NewVault(logger)
-	if err = v.DeleteSecret(reference); err != nil {
-		logger.FatalErr(err)
+	if currentVault(ctx.Config) == vaultV2.LegacyVaultReservedName {
+		logger.Warnf("Using deprecated vault. Consider creating a new vault with 'flow vault create' command.")
+		v := vault.NewVault(logger)
+		if err = v.DeleteSecret(reference); err != nil {
+			logger.FatalErr(err)
+		}
+	} else {
+		_, v, err := vaultV2.VaultFromName(currentVault(ctx.Config))
+		defer v.Close()
+
+		if err != nil {
+			logger.FatalErr(err)
+		}
+		if err = v.DeleteSecret(reference); err != nil {
+			logger.FatalErr(err)
+		}
 	}
+
 	logger.PlainTextSuccess(fmt.Sprintf("Secret '%s' deleted from vault", reference))
 }
 
@@ -78,7 +95,6 @@ func registerSetSecretCmd(ctx *context.Context, secretCmd *cobra.Command) {
 		Aliases: []string{"new", "create", "update"},
 		Short:   "Set a secret in the current vault. If no value is provided, you will be prompted to enter one.",
 		Args:    cobra.MinimumNArgs(1),
-		PreRun:  func(cmd *cobra.Command, args []string) { printContext(ctx, cmd) },
 		Run:     func(cmd *cobra.Command, args []string) { setSecretFunc(ctx, cmd, args) },
 	}
 	secretCmd.AddCommand(setCmd)
@@ -115,11 +131,29 @@ func setSecretFunc(ctx *context.Context, _ *cobra.Command, args []string) {
 	}
 
 	sv := vault.SecretValue(value)
-	v := vault.NewVault(logger)
-	err := v.SetSecret(reference, sv)
-	if err != nil {
-		logger.FatalErr(err)
+	vaultName := currentVault(ctx.Config)
+	if vaultName == vaultV2.LegacyVaultReservedName {
+		logger.Warnf(
+			"Using deprecated vault '%s'. Consider creating a new vault with 'flow vault create' command.",
+			vaultName,
+		)
+		v := vault.NewVault(logger)
+		err := v.SetSecret(reference, sv)
+		if err != nil {
+			logger.FatalErr(err)
+		}
+	} else {
+		_, v, err := vaultV2.VaultFromName(vaultName)
+		defer v.Close()
+
+		if err != nil {
+			logger.FatalErr(err)
+		}
+		if err = v.SetSecret(reference, vaultV2.NewSecretValue([]byte(value))); err != nil {
+			logger.FatalErr(err)
+		}
 	}
+
 	logger.PlainTextSuccess(fmt.Sprintf("Secret %s set in vault", reference))
 }
 
@@ -143,17 +177,45 @@ func listSecretFunc(ctx *context.Context, cmd *cobra.Command, _ []string) {
 	asPlainText := flags.ValueFor[bool](ctx, cmd, *flags.OutputSecretAsPlainTextFlag, false)
 	outputFormat := flags.ValueFor[string](ctx, cmd, *flags.OutputFormatFlag, false)
 
-	v := vault.NewVault(logger)
-	secrets, err := v.GetAllSecrets()
-	if err != nil {
-		logger.FatalErr(err)
-	}
+	//nolint:nestif
+	if currentVault(ctx.Config) == vaultV2.LegacyVaultReservedName {
+		v := vault.NewVault(logger)
+		secrets, err := v.GetAllSecrets()
+		if err != nil {
+			logger.FatalErr(err)
+		}
 
-	interactiveUI := TUIEnabled(ctx, cmd)
-	if interactiveUI {
-		secret.LoadSecretListView(ctx, asPlainText)
+		interactiveUI := TUIEnabled(ctx, cmd)
+		if interactiveUI {
+			secret.LoadSecretListView(ctx, asPlainText)
+		} else {
+			secret.PrintSecrets(ctx, secrets, outputFormat, asPlainText)
+		}
 	} else {
-		secret.PrintSecrets(ctx, secrets, outputFormat, asPlainText)
+		name := currentVault(ctx.Config)
+		interactiveUI := TUIEnabled(ctx, cmd)
+
+		_, v, err := vaultV2.VaultFromName(name)
+		defer func() {
+			// Don't close the vault prematurely if we're in interactive mode
+			go func() {
+				if interactiveUI {
+					ctx.TUIContainer.WaitForExit()
+				}
+				_ = v.Close()
+			}()
+		}()
+
+		if err != nil {
+			logger.FatalErr(err)
+		}
+
+		if interactiveUI {
+			view := secretV2.NewSecretListView(ctx, v, asPlainText)
+			SetView(ctx, cmd, view)
+		} else {
+			secretV2.PrintSecrets(ctx, name, v, outputFormat, asPlainText)
+		}
 	}
 }
 
@@ -176,23 +238,65 @@ func getSecretFunc(ctx *context.Context, cmd *cobra.Command, args []string) {
 	asPlainText := flags.ValueFor[bool](ctx, cmd, *flags.OutputSecretAsPlainTextFlag, false)
 	copyValue := flags.ValueFor[bool](ctx, cmd, *flags.CopyFlag, false)
 
-	v := vault.NewVault(logger)
-	s, err := v.GetSecret(reference)
-	if err != nil {
-		logger.FatalErr(err)
-	}
+	//nolint:nestif
+	if currentVault(ctx.Config) == vaultV2.LegacyVaultReservedName {
+		logger.Warnf("Using deprecated vault. Consider creating a new vault with 'flow vault create' command.")
+		v := vault.NewVault(logger)
+		s, err := v.GetSecret(reference)
+		if err != nil {
+			logger.FatalErr(err)
+		}
 
-	if asPlainText {
-		logger.PlainTextInfo(s.PlainTextString())
+		if asPlainText {
+			logger.PlainTextInfo(s.PlainTextString())
+		} else {
+			logger.PlainTextInfo(s.String())
+		}
+
+		if copyValue {
+			if err := clipboard.WriteAll(s.PlainTextString()); err != nil {
+				logger.Error(err, "\nunable to copy secret value to clipboard")
+			} else {
+				logger.PlainTextSuccess("\ncopied secret value to clipboard")
+			}
+		}
 	} else {
-		logger.PlainTextInfo(s.String())
-	}
+		rVault, key, err := vaultV2.RefToParts(vaultV2.SecretRef(reference))
+		if err != nil {
+			logger.FatalErr(err)
+		}
+		if rVault == "" {
+			rVault = currentVault(ctx.Config)
+		}
+		_, v, err := vaultV2.VaultFromName(rVault)
+		defer v.Close()
+
+		if err != nil {
+			logger.FatalErr(err)
+		}
+		s, err := v.GetSecret(key)
+		if err != nil {
+			logger.FatalErr(err)
+		}
 
-	if copyValue {
-		if err := clipboard.WriteAll(s.PlainTextString()); err != nil {
-			logger.Error(err, "\nunable to copy secret value to clipboard")
+		if asPlainText {
+			logger.PlainTextInfo(s.PlainTextString())
 		} else {
-			logger.PlainTextSuccess("\ncopied secret value to clipboard")
+			logger.PlainTextInfo(s.String())
 		}
+		if copyValue {
+			if err := clipboard.WriteAll(s.PlainTextString()); err != nil {
+				logger.Error(err, "\nunable to copy secret value to clipboard")
+			} else {
+				logger.PlainTextSuccess("\ncopied secret value to clipboard")
+			}
+		}
+	}
+}
+
+func currentVault(cfg *config.Config) string {
+	if cfg.CurrentVault == nil || *cfg.CurrentVault == "" {
+		return vaultV2.LegacyVaultReservedName
 	}
+	return *cfg.CurrentVault
 }