-
-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add thycotic/dsv-cli #6892
Conversation
Thank you for your contribution! |
Let me fix same as #6889 (comment) . |
@suzuki-shunsuke i can do it. You said to just re-run those commands to get it up to speed right? |
I didn't put this under |
Yes. But in case of this tool, we have to fix generated configuration manually. $ rm -R pkgs/dsv
$ aqua-registry scaffold thycotic/dsv-cli # The command would fail. We have to fix the configuration
$ vim pkgs/thycotic/dsv-cli/registry.yaml # Fix manually
packages:
- type: github_release
repo_owner: thycotic
repo_name: dsv-cli
asset: dsv-{{.OS}}-{{.Arch}}
format: raw
replacements:
amd64: x64
windows: win
supported_envs:
- darwin
- amd64
files: # Added
- name: dsv
checksum:
type: github_release
asset: "{{.Asset}}-sha256.txt" # Fixed
file_format: regexp
algorithm: sha256
pattern:
checksum: "^(\\b[A-Fa-f0-9]{64}\\b)"
file: "^\\b[A-Fa-f0-9]{64}\\b\\s+\\./(\\S+)$" # Fixed |
aqua supports renaming the package, so the package name should be e.g. #6674 https://aquaproj.github.io/docs/reference/registry-config/aliases |
@suzuki-shunsuke ok hopefully i got it right this time 👍🏻 cheers |
pkgs/thycotic/dsv-cli/registry.yaml
Outdated
- vault | ||
files: | ||
- name: dsv | ||
src: 'dsv-{{.OS}}-{{.Arch}}' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
src: 'dsv-{{.OS}}-{{.Arch}}' |
If the format is raw
, files[].src
isn't needed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Without that it comes up as dsv-cli
. I need it to be dsv
. The files section seemed to rename it correctly. Suggestion?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should specify only name
.
files:
- name: dsv
https://github.com/aquaproj/aqua-registry/actions/runs/3208474025/jobs/5244366179 Please run $ aqua-registry gr |
Working on it! Will have to pick up later and resolve it. Would you be interested in a pre-commit hook config that would ensure aqua generate results in no changes before pushing? That can be added for contributors so it doesn't get missed if you'd like something. |
It is good, but we don't want to add dependencies as much as possible. |
Co-authored-by: Shunsuke Suzuki <suzuki-shunsuke@users.noreply.github.com>
Oh, the format of checksum file is different.
dsv-darwin-arm64-sha256.txt:
|
Fixed the checksum config. cd671d0 |
Thank you 🙏 |
#6892 thycotic/dsv-cli: Delinea DevOps Secrets Vault is a cli tool for retrieval of secrets, cert generation, key/value retrieval, and general management of the DSV system from the cli.
Disclaimer: I recently transitioned to working on the team that builds this. I'm planning on publishing some homebrew, maybe snap and others publishing methods, but as I've adopted aqua this week in my own workflow (and also adding to public devcontainer setup!), I wanted to get this added to make folks lives easier who might use it for secrets. My contribution is mine alone as a dev, and not initiated or asked for the company.
aqua g -i thycotic/dsv-cli
How to confirm if this package works well
dsv --version
It's an interface to a backend system
Fully leveraging the tool as it's an interface for the cloud product can be done via a free account dsv. Note that the wording says trial, but it's a free tier product that's fully usable by an individual.
Sorta similar to running the hashi vault cli, which says:
Use Example
I'm going to do a write-up to publish soon on how to use in local development, but here's a brief example I just found a really nice use for. I don't expect the reviewer to do this, but capturing a use I just knocked out that helped me in home/work usage in removing more sensitive values from plaintext files.
I use
direnv
and have it hooked into zsh. I setup projects to source$HOME/.envrc
so my secrets stay out of the projects in any way.However, I also want to strip out secrets being in the $HOME/.envrc, but I still want to leverage many devops tools that are much easier to work with if GITHUB_TOKEN and other variables are setup (like Pulumi, gh cli, and even aqua).
So after fighting another cli that kept prompting every single terminal session and annoyed me, I setup a new dsv account for myself, and ran
dsv init
. I choose a long caching session since it's for me, and means I'll never worry about running out of free tier calls.Before
After
Since it's cached it's blazing fast (I don't even notice it anymore during load!) and I have a step further towards more secure local development practices.
Reference