Skip to content

Commit dcbc216

Browse files
lukaszcllukaszcl
committed
Add env flag for GitHub secrets management
1 parent a83d40e commit dcbc216

File tree

1 file changed

+14
-4
lines changed

1 file changed

+14
-4
lines changed

tools/ghsecrets/main.go

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@ func main() {
2727
var decode bool // Decode flag for `get`
2828
var profile string // AWS profile to use
2929
var sharedWith []string // List of ARNs to share the secret with
30+
var env string // Environment name for GitHub secrets
3031

3132
// Set Command
3233
var setCmd = &cobra.Command{
@@ -53,7 +54,7 @@ func main() {
5354

5455
switch strings.ToLower(backend) {
5556
case "github":
56-
if err := setGitHubSecret(filePath, secretID); err != nil {
57+
if err := setGitHubSecret(filePath, secretID, env); err != nil {
5758
exitWithError(err, "Failed to set GitHub secret")
5859
return
5960
}
@@ -104,6 +105,7 @@ func main() {
104105
setCmd.PersistentFlags().StringVarP(&backend, "backend", "b", "aws", "Backend to use for storing secrets. Options: github, aws")
105106
setCmd.PersistentFlags().StringVar(&profile, "profile", "", "AWS profile to use for credentials (required for AWS backend)")
106107
setCmd.PersistentFlags().StringSliceVar(&sharedWith, "shared-with", []string{}, "Comma-separated list of IAM ARNs to share the secret with")
108+
setCmd.PersistentFlags().StringVar(&env, "env", "", "Optional environment name (for GitHub Secrets)")
107109

108110
getCmd.PersistentFlags().StringVarP(&secretID, "secret-id", "s", "", "ID of the secret to retrieve")
109111
getCmd.PersistentFlags().BoolVarP(&decode, "decode", "d", true, "Decode the Base64-encoded secret value")
@@ -117,15 +119,23 @@ func main() {
117119
}
118120

119121
// setGitHubSecret creates or updates a secret in GitHub
120-
func setGitHubSecret(filePath, secretID string) error {
122+
func setGitHubSecret(filePath, secretID, env string) error {
121123
data, err := os.ReadFile(filePath)
122124
if err != nil {
123125
return fmt.Errorf("failed to read file: %w", err)
124126
}
125127

126128
encoded := base64.StdEncoding.EncodeToString(data)
127129

128-
setSecretCmd := exec.Command("gh", "secret", "set", secretID, "--body", encoded)
130+
// Build the gh command
131+
args := []string{"secret", "set", secretID, "--body", encoded}
132+
133+
// If --env was provided, add the environment argument
134+
if env != "" {
135+
args = append(args, "--env", env)
136+
}
137+
138+
setSecretCmd := exec.Command("gh", args...)
129139
setSecretCmd.Stdin = strings.NewReader(encoded)
130140

131141
output, err := setSecretCmd.CombinedOutput()
@@ -134,7 +144,7 @@ func setGitHubSecret(filePath, secretID string) error {
134144
}
135145

136146
fmt.Printf(
137-
"Test secret set successfully in GitHub with key: %s\n\n"+
147+
"Test secret set successfully in GitHub Secrets with key: %s\n\n"+
138148
"To run a GitHub workflow with the test secrets, use the 'test_secrets_override_key' flag.\n"+
139149
"Example: gh workflow run ${workflow_name} -f test_secrets_override_key=%s\n",
140150
secretID, secretID,

0 commit comments

Comments
 (0)