diff options
author | Griffin Smith <grfn@gws.fyi> | 2022-01-29T17·39-0500 |
---|---|---|
committer | clbot <clbot@tvl.fyi> | 2022-01-29T17·52+0000 |
commit | a12ffa41de2fa209d611aea82aa122e8e7f79295 (patch) | |
tree | 0285ae3a230bba0c9ea94742c261205c1d63ef51 /users/grfn/bbbg/src/bbbg/util/dev_secrets.clj | |
parent | 88595c23ce0739f0afaacccf500e51dba2ce7220 (diff) |
feat(grfn/bbbg): Add pluggable backends for dev secrets r/3704
To allow people who aren't me / don't use `pass` to actually run the app locally, allow just reading dev secrets from a file on disk. Change-Id: I82a410ae877aa50b4302d5bda7072c79fa8f56fb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5114 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
Diffstat (limited to 'users/grfn/bbbg/src/bbbg/util/dev_secrets.clj')
-rw-r--r-- | users/grfn/bbbg/src/bbbg/util/dev_secrets.clj | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj b/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj new file mode 100644 index 000000000000..88f1b50caaa8 --- /dev/null +++ b/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj @@ -0,0 +1,59 @@ +(ns bbbg.util.dev-secrets + "Utility library for loading secrets during development from multiple + backends. + + # Supported backends + + - [Pass][0] (the default) + + (bbbg.util.dev-secrets/set-backend! :pass) + + Loads all secrets by shelling out to `pass <secret-name>` + + [0]: https://www.passwordstore.org/ + + - Directory + + (bbbg.util.dev-secrets/set-backend! [:dir \"/path/to/secret/directory\"]) + + Loads all secrets by reading the secret name as a (plaintext!) file rooted + at the given directory" + (:require [bbbg.util.core :as u] + [clojure.string :as str] + [clojure.java.io :as io])) + +(def ^:dynamic *secret-backend* :pass) + +(defn set-backend! + "Change the default secret-backend" + [backend] + (alter-var-root #'*secret-backend* (constantly backend))) + +(defmulti ^:private load-secret + (fn [backend _secret] + (if (coll? backend) (first backend) backend))) + +(defmethod load-secret :pass [_ secret] + (u/pass secret)) + +(defmethod load-secret :dir [[_ dir] secret] + (str/trim (slurp (io/file dir secret)))) + +(defn secret + "Load the value for the given `secret-name' from the currently selected + backend" + [secret-name] + (load-secret *secret-backend* secret-name)) + +(comment + (secret "bbbg/discord-client-id") + + (binding [*secret-backend* [:dir "/tmp/bbbg-secrets"]] + (secret "bbbg/discord-client-id")) + + (set-backend! [:dir "/tmp/bbbg-secrets"]) + (secret "bbbg/discord-client-id") + + (set-backend! :pass) + (secret "bbbg/discord-client-id") + ) |