cmd/setec: do not prompt for secret values when stdin is a pipe #81

Merged
merged 2 commits into from
Oct 6, 2023
Merged
21 changes: 17 additions & 4 deletions cmd/setec/setec.go
Expand Up @@ -96,8 +96,9 @@ With --if-changed, return the active value only if it differs from --version.`,
Usage: "<secret-name>",
Help: `Put a new value for the specified secret.

With --from-file, the new value is read from the specified file; otherwise
the user is prompted for a new value and confirmation at the terminal.`,
With --from-file, the new value is read from the specified file; otherwise if
stdin is connected to a pipe, its contents are fully read to obtain the new
value. Otherwise, the user is prompted for a new value and confirmation.`,

SetFlags: command.Flags(flax.MustBind, &putArgs),
Run: command.Adapt(runPut),
Expand Down Expand Up @@ -361,7 +362,7 @@ func runGet(env *command.Env, name string) error {
}

var putArgs struct {
File string `flag:"from-file,Read secret value from this file instead of prompting"`
File string `flag:"from-file,Read secret value from this file instead of stdin"`
}

func runPut(env *command.Env, name string) error {
Expand All @@ -372,13 +373,16 @@ func runPut(env *command.Env, name string) error {

var value []byte
if putArgs.File != "" {
// The user requested we use input from a file.
var err error
value, err = os.ReadFile(putArgs.File)
if err != nil {
return err
}
value = bytes.TrimSpace(value)
} else {
} else if term.IsTerminal(int(os.Stdin.Fd())) {
// Standard input is connected to a terminal; prompt the human to type or
// paste the value and require confirmation.
var err error
io.WriteString(os.Stdout, "Enter secret: ")
os.Stdout.Sync()
Expand All @@ -400,6 +404,15 @@ func runPut(env *command.Env, name string) error {
if !bytes.Equal(value, s2) {
return errors.New("secrets do not match, aborting")
}
} else {
var err error
value, err = io.ReadAll(os.Stdin)
if err != nil {
return fmt.Errorf("read from stdin: %w", err)
} else if len(value) == 0 {
return errors.New("empty secret value")
}
fmt.Fprintf(env, "Read %d bytes from stdin\n", len(value))
}

ver, err := c.Put(env.Context(), name, value)
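Review bot: The new non-terminal branch at the end of runPut stores the bytes from `io.ReadAll(os.Stdin)` verbatim, while the `--from-file` branch in the same function passes its value through `bytes.TrimSpace`. As a result `echo value | setec put name` would presumably store the trailing newline as part of the secret, and an input consisting only of a newline passes the `len(value) == 0` check. If verbatim storage is not intended, add `value = bytes.TrimSpace(value)` after the read-error check and before the empty test; if it is intended (for example for binary secrets), the help text should say that piped input is stored byte-for-byte while file input is trimmed. The branch also runs for any non-terminal stdin (a redirected file, not only a pipe) and reads it without a size bound, which is worth a one-line comment such as `// Stdin is not a terminal (pipe or redirect): read it to EOF.` runPut starts and continues outside the visible hunks, so how the prompt branch treats whitespace cannot be confirmed from here.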