@dmjb dmjb commented Mar 26, 2025

Implements a set of secrets management commands, along with a flag for
`run` which allows secrets to be injected as environment variables.

Note that this implementation stores the secrets to an unencrypted file
on disk. This will be changed in an upcoming PR.

Example of use:

```
$ bin/vt secret list
Available secrets:
  - fizz
  - foo
$ bin/vt run --secret=foo,target=FOO --secret=fizz,target=FIZZ alpine -- env
Logging to: /tmp/vibetool-alpine.log
MCP server alpine-1742982443 is running in the background (PID: 18425)
Use 'vibetool stop alpine-1742982443' to stop the server
$ docker ps -a
CONTAINER ID   IMAGE                           COMMAND                  CREATED              STATUS                          PORTS     NAMES
ed1bda951b03   alpine                          "env"                    About a minute ago   Exited (0) About a minute ago             alpine-1742982443
$ docker logs ed1bda951b03
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=ed1bda951b03
FOO=bar
FIZZ=buzz
MCP_TRANSPORT=stdio
HOME=/root
```
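
The `--secret=<name>,target=<ENV>` flag from the description above, as an added Go example that is not the project's own code: it parses each flag value and builds the `TARGET=value` list, failing closed on malformed input, unknown secrets, and duplicate or reserved targets. The function names, the in-memory store and the reserved-target policy are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// envName is a conservative pattern for environment variable names.
var envName = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)
// reserved: variables already set in the sample output; refusing them is this example's policy.
var reserved = map[string]bool{"PATH": true, "HOME": true, "HOSTNAME": true, "MCP_TRANSPORT": true}

// parseSecretFlag splits one --secret value of the form <name>,target=<ENV>.
func parseSecretFlag(v string) (string, string, error) {
	name, rest, _ := strings.Cut(v, ",")
	target := strings.TrimPrefix(rest, "target=")
	if name == "" || !strings.HasPrefix(rest, "target=") || !envName.MatchString(target) {
		return "", "", fmt.Errorf("invalid --secret %q: want <name>,target=<ENV>", v)
	}
	return name, target, nil
}

// buildSecretEnv returns TARGET=value entries; error text never contains a secret value.
func buildSecretEnv(flags []string, store map[string]string) ([]string, error) {
	seen := map[string]bool{}
	var env []string
	for _, f := range flags {
		name, target, err := parseSecretFlag(f)
		if err != nil {
			return nil, err
		}
		value, ok := store[name]
		if !ok {
			return nil, fmt.Errorf("secret %q not found", name)
		}
		if seen[target] || reserved[target] {
			return nil, fmt.Errorf("target %q is reserved or already used", target)
		}
		seen[target] = true
		env = append(env, target+"="+value)
	}
	return env, nil
}

func main() {
	store := map[string]string{"foo": "bar", "fizz": "buzz"} // constructed sample store
	env, err := buildSecretEnv([]string{"foo,target=FOO", "fizz,target=FIZZ"}, store)
	fmt.Println(len(env), "variables resolved, error:", err) // values deliberately not printed
}
```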

@dmjb dmjb force-pushed the secret-interface branch 2 times, most recently from 056c350 to f01b665 Compare March 26, 2025 11:50
@dmjb dmjb force-pushed the secret-interface branch from f01b665 to b1fe98a Compare March 26, 2025 11:52
@dmjb dmjb changed the title from "[DRAFT] Initial secrets manager" to "Initial secrets manager" Mar 26, 2025
@dmjb dmjb changed the title from "Initial secrets manager" to "Implement secrets management" Mar 26, 2025
@dmjb dmjb marked this pull request as ready for review March 26, 2025 11:53
rootCmd.AddCommand(rmCmd)
rootCmd.AddCommand(proxyCmd)
rootCmd.AddCommand(versionCmd)
rootCmd.AddCommand(newSecretCommand())

Collaborator

Yeah... we should probably change the rest of the commands to do something like this. (not for this PR)

type BasicManager struct {
filePath string
secrets map[string]string
mu sync.RWMutex // Protects concurrent access to secrets map
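
Review bot: `secrets map[string]string` keeps every secret value in memory as a Go string, and strings are immutable, so a value cannot be wiped once it is no longer needed. Consider `map[string][]byte` so an entry can be zeroed when the secret is deleted or the manager is discarded.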

Collaborator

nit: https://github.com/puzpuzpuz/xsync could be handy for having a thread safe map implementation so no mutex would need to be used.

@dmjb dmjb merged commit 9aef236 into main Mar 26, 2025
2 checks passed
@dmjb dmjb deleted the secret-interface branch March 26, 2025 12:14