secure env var
Show case the support of declarative secure env var if you use both envVar and secure flag together
Demo
source
Main task yaml file
tasks:
- name: task
task:
- func: shell
vars:
enc_key: my_enc_key
dvars:
- name: value_encrypted
value: '{{ "ENV_AAA" | encryptAES .enc_key }}'
flags: [vvvv]
- name: ENV_BBB
value: I_AM_ENV_VAR_BBB
flags:
- envVar
- name: ENV_AAA
value: tdRdCpkHCVz0xzzkthoPUsD6yS6w439zPMDNUot84mM=
flags:
- envVar
- secure
do: |
echo """normal env var: $ENV_BBB"""
echo """expected decrypted secure env var: $ENV_AAA"""
echo """normal secure var: {{.secure_ENV_AAA}}"""
Main log file
loading [Config]: ./tests/functests/upconfig.yml
Main config:
Version -> 1.0.0
RefDir -> ./tests/functests
WorkDir -> cwd
AbsWorkDir -> /up_project/up
TaskFile -> c0197
Verbose -> vvv
ModuleName -> self
ShellType -> /bin/sh
MaxCallLayers -> 8
Timeout -> 3600000
MaxModuelCallLayers -> 256
EntryTask -> task
ModRepoUsernameRef ->
ModRepoPasswordRef ->
work dir: /up_project/up
-exec task: task
loading [Task]: ./tests/functests/c0197
module: [self], instance id: [dev], exec profile: []
profile - envVars:
(*core.Cache)({
})
Task1: [task ==> task: ]
-Step1:
dvar> value_encrypted:
"nC0g550N7wSBjfY9DNtaERDL7KQdrB2c7eRxcYQQGi8="
-
nC0g550N7wSBjfY9DNtaERDL7KQdrB2c7eRxcYQQGi8=
self: final context exec vars:
(*core.Cache)({
"envVar_ENV_BBB": "I_AM_ENV_VAR_BBB",
"ENV_AAA": "tdRdCpkHCVz0xzzkthoPUsD6yS6w439zPMDNUot84mM=",
"envVar_ENV_AAA": "ENV_AAA",
"up_runtime_task_layer_number": 0,
"enc_key": "my_enc_key",
"value_encrypted": "nC0g550N7wSBjfY9DNtaERDL7KQdrB2c7eRxcYQQGi8=",
"ENV_BBB": "I_AM_ENV_VAR_BBB"
})
cmd( 1):
echo """normal env var: $ENV_BBB"""
echo """expected decrypted secure env var: $ENV_AAA"""
echo """normal secure var: {{.secure_ENV_AAA}}"""
-
normal env var: I_AM_ENV_VAR_BBB
expected decrypted secure env var: ENV_AAA
normal secure var: ENV_AAA
-
.. ok
. ok
Logs with different verbose level
Raw logs with different verbose level