Update push_secrets.sh to use hcp instead of vlt #31
Conversation
Did an initial walk through and it looks good so far. Do you mind adding instructions for running the push_secrets script to the README similar to those that exist in https://github.com/uwblueprint/sistema?tab=readme-ov-file#secrets ? Under the secrets header please add 2 subheaders, one for copying the secrets (./setup_secrets.sh) and the other for your command. Thanks!
Branch force-pushed from 43e4aa1 to 8ba4345.
Also please remove the unused secrets from vlt lol

Of course, just deleted the 2 test keys I was using from HashiCorp itself! Is that what you're referring to?

yup!
Branch force-pushed from 8ba4345 to b9ba822.
Deletion is not working as intended. HashiCorp has a limit of 5 secrets, so the original script deletes and then recreates all of the secrets so they are new each time and don't reach the limit. You can tell that the deletion is not working as intended because some secrets come back with "maximum number of secret versions reached". You should ensure that

```sh
SECRET_KEYS=$(hcp vault-secrets secrets list --format=json | grep -Eo '"([^"]*)"\s*:\s*"([^"]*)"' | sed -E 's/^"([^"]*)"\s*:\s*"([^"]*)"$/\1=\2/' | grep "^name=" | grep -v "@" | sed 's/^name=//')
```

is working as intended. I suspect that it's not, because if you `echo $SECRET_KEYS;` it is empty. I would run `hcp vault-secrets secrets list --format=json` and make sure that `$SECRET_KEYS` is a list of each secret's name. Feel free to ask GPT or myself for some help!

```text
✓ App with name "sistema" selected
Fetching and deleting all existing secrets...
ERROR: failed to create secret with name "AUTH_GOOGLE_ID": [POST /secrets/2023-06-13/organizations/{location.organization_id}/projects/{location.project_id}/apps/{app_name}/kv][429] CreateAppKVSecret default &{Code:8 Details:[] Message:maximum number of secret versions reached}
Failed to create secret for AUTH_GOOGLE_ID.
ERROR: failed to create secret with name "AUTH_GOOGLE_SECRET": [POST /secrets/2023-06-13/organizations/{location.organization_id}/projects/{location.project_id}/apps/{app_name}/kv][429] CreateAppKVSecret default &{Code:8 Details:[] Message:maximum number of secret versions reached}
Failed to create secret for AUTH_GOOGLE_SECRET.
Secret Name              Created At                Latest Version
AUTH_REDIRECT_PROXY_URL  2024-09-25T01:34:55.188Z  4
✓ Successfully created secret with name "AUTH_REDIRECT_PROXY_URL"
```
Branch force-pushed from b87e5f9 to 41f02d6.
Thank you for catching that! It looks like
Very weird. I am guessing this is a Windows vs Linux vs Mac difference with the binary? When you run:

```sh
hcp vault-secrets secrets list --format=json --app=sistema | grep -Eo '"([^"]*)"\s*:\s*"([^"]*)"' | sed -E 's/^"([^"]*)"\s*:\s*"([^"]*)"$/\1=\2/' | grep '^\(name=\|"name":\)'| grep -v "@"
```

in your CLI, are your secrets like:

```text
"name": "SECRET_NAME"
```

or are they like:

```text
name=SECRET_NAME
```

Mine are like the former, but I am guessing that yours are like the latter. Does the change I suggested on line 24 of the push_secrets.sh file work for you?
Co-authored-by: Chinemerem <[email protected]>
Definitely very weird! My secrets are indeed By the way, when I run
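The two review comments above raise the same parsing problem from different angles: on one machine `$SECRET_KEYS` comes back empty, so the delete pass silently does nothing and the recreate pass then hits "maximum number of secret versions reached"; on another machine the same pipeline yields `"name": "X"` rather than `name=X`. The script below is an added example, not the project's push_secrets.sh or any code from the thread. It assumes the list output is a JSON array of objects with a top-level `"name"` field and a nested `created_by` object whose `"name"` is an email (the sample is constructed for this example; the real schema is not shown on the page), and it assumes the CLI accepts `hcp vault-secrets secrets delete NAME --app=APP` (only the `list` form appears in the thread). The `$HCP` indirection is the example's own device so it can run offline against a stub. Two things it does that the original pipeline does not: it spells whitespace as `[[:space:]]` instead of the GNU extension `\s`, which POSIX sed does not define (whether that is what bit the author here is not established on the page), and it refuses to proceed when no names were parsed, which is the check that would have caught the failure in the pasted output.

```shell
#!/bin/sh
# Added example for PR #31; not the project's push_secrets.sh.
# The hcp CLI is reached through $HCP so a stub can stand in offline.
# Subcommands assumed:
#   hcp vault-secrets secrets list --format=json --app=APP   (seen in the thread)
#   hcp vault-secrets secrets delete NAME --app=APP          (assumed)
HCP="${HCP:-hcp}"

# Constructed sample of list output. Schema is an assumption: objects carry a
# top-level "name" plus a nested created_by object whose "name" is an email.
# Spacing is varied deliberately to cover both renderings the reviewers compared.
SAMPLE_LIST_JSON='[
  {"name": "AUTH_GOOGLE_ID", "created_at": "2024-09-25T01:34:55.188Z", "created_by": {"name": "dev@example.com", "type": "TYPE_USER"}, "latest_version": 4},
  {"name":"AUTH_GOOGLE_SECRET","created_at":"2024-09-25T01:34:55.188Z","created_by":{"name":"dev@example.com","type":"TYPE_USER"},"latest_version":4}
]'

# Emit one secret name per line from list JSON on stdin.
# Every "{" starts a new line, so each object (and each nested created_by) is
# matched on its own; [[:space:]] is the POSIX spelling, \s is GNU-only.
# Names containing "@" are the created_by emails and are dropped.
extract_secret_names() {
  tr -d '\n' | tr '{' '\n' |
    sed -n -E 's/.*"name"[[:space:]]*:[[:space:]]*"([^"]*)".*/\1/p' |
    grep -v '@' || true
}

# Delete every secret in the app, one hcp call per name.
# Refuses to continue when no names were parsed: an empty list is the silent
# failure from the thread, where the delete pass did nothing and the recreate
# pass then ran into the version limit.
delete_all_secrets() {
  app="$1"
  names=$("$HCP" vault-secrets secrets list --format=json --app="$app" | extract_secret_names)
  if [ -z "$names" ]; then
    echo "no secret names parsed from hcp list output; refusing to recreate" >&2
    return 1
  fi
  echo "$names" | while IFS= read -r name; do
    "$HCP" vault-secrets secrets delete "$name" --app="$app" || exit 1
  done
}
```

To try the parser against the constructed sample without touching HCP, run `printf '%s' "$SAMPLE_LIST_JSON" | extract_secret_names` after sourcing the file; to exercise the delete loop, set `HCP` to a shell function that handles the `list` and `delete` argument shapes, as the design intends.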
LGTM!
Notion ticket link
Modify push_secrets.sh to use hcp instead of vlt

Implementation description
`vlt` commands to `hcp` commands

Steps to test
./push_secrets.sh

Checklist