janware/jw-pkg
1
Code Pull requests Activity Actions
jw-pkg/src/python/jw/pkg/cmds/CmdSecrets.py

15 lines
396 B
Python
Raw Normal View History

cmds.CmdSecrets: Add command class + subcommands jw-pkg.py secrets [sub-command] [packages] is a set of utility commands designed to manage configuration files containing secrets. To keep secrets from leaking via version control or packages, a _template_ should be packaged for every sensitive configuration file. Then, during post-install, configuration files can be generated from packaged templates via jw-pkg.py secrets compile-templates <package> <package> ... During post-uninstall jw-pkg.py secrets rm-compilation-output <package> <package> ... removes them. Not specifying any packages will compile or remove all templates on the system. To identify which files to consider and generate or remove, the compilation scans <package> for files ending in .jw-tmpl. For each match, e.g. /path/to/some.conf.jw-tmpl it will read key-value pairs from /path/to/some.conf.jw-secret and generate /path/to/some.conf from it, replacing all keys by their respective values. The file attributes of the generated file can be determined by the first line: of some.conf.jw-tmpl or some.conf.jw-secret: # conf: owner=mysql; group=mysql; mode=0640 There are other commands for managing all secrets on the system at once, see jw-pkg.py secrets --help: compile-templates Compile package template files list-compilation-output List package compilation output files list-secrets List package secret files list-templates List package template files rm-compilation-output Remove package compilation output files Signed-off-by: Jan Lindemann <jan@janware.com>
2026-03-05 11:01:18 +01:00
# -*- coding: utf-8 -*-
from argparse import ArgumentParser
from ..App import App
from .Cmd import Cmd as CmdBase
class CmdSecrets(CmdBase): # export
def __init__(self, parent: App) -> None:
super().__init__(parent, 'secrets', help="Manage package secrets")
lib.Cmd.load_subcommands(): Add method Push cmds.Cmd._add_subcommands() as lib.Cmd.load_subcommands() one step up to the top of the type hierarchy ladder. By default, it does the same thing, i.e. load subcommands matching frobnicate.Cmd* if called on class CmdFrobnicate. This commit also replaces invocations of Cmd._add_subcommands() by invocations of this new method. Signed-off-by: Jan Lindemann <jan@janware.com>
2026-05-01 10:17:24 +02:00
self.load_subcommands()
cmds.CmdSecrets: Add command class + subcommands jw-pkg.py secrets [sub-command] [packages] is a set of utility commands designed to manage configuration files containing secrets. To keep secrets from leaking via version control or packages, a _template_ should be packaged for every sensitive configuration file. Then, during post-install, configuration files can be generated from packaged templates via jw-pkg.py secrets compile-templates <package> <package> ... During post-uninstall jw-pkg.py secrets rm-compilation-output <package> <package> ... removes them. Not specifying any packages will compile or remove all templates on the system. To identify which files to consider and generate or remove, the compilation scans <package> for files ending in .jw-tmpl. For each match, e.g. /path/to/some.conf.jw-tmpl it will read key-value pairs from /path/to/some.conf.jw-secret and generate /path/to/some.conf from it, replacing all keys by their respective values. The file attributes of the generated file can be determined by the first line: of some.conf.jw-tmpl or some.conf.jw-secret: # conf: owner=mysql; group=mysql; mode=0640 There are other commands for managing all secrets on the system at once, see jw-pkg.py secrets --help: compile-templates Compile package template files list-compilation-output List package compilation output files list-secrets List package secret files list-templates List package template files rm-compilation-output Remove package compilation output files Signed-off-by: Jan Lindemann <jan@janware.com>
2026-03-05 11:01:18 +01:00
def add_arguments(self, p: ArgumentParser) -> None:
super().add_arguments(p)
Copy permalink