sneak/secret
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add cross-vault move command for secrets

Browse Source 
Implement syntax: secret move/mv <vault>:<secret> <vault>[:<secret>]
- Copies all versions to destination vault with re-encryption
- Deletes source after successful copy (true move)
- Add --force flag to overwrite existing destination
- Support both within-vault rename and cross-vault move
- Add shell completion for vault:secret syntax
- Include integration tests for cross-vault move
This commit is contained in:
Jeffrey Paul
2025-12-23 15:24:13 +07:00
parent 7264026d66
commit 128c53a11d
5 changed files with 559 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
internal/cli/completions.go
View File

@@ -142,3 +142,58 @@ func getVaultNamesCompletionFunc(fs afero.Fs, stateDir string) func(
return completions, cobra.ShellCompDirectiveNoFileComp
}
}
// getVaultSecretCompletionFunc returns a completion function for vault:secret format
// It completes vault names with ":" suffix, and after ":" it completes secrets from that vault
func getVaultSecretCompletionFunc(fs afero.Fs, stateDir string) func(
cmd *cobra.Command, args []string, toComplete string,
) ([]string, cobra.ShellCompDirective) {
return func(_ *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {
var completions []string
// Check if we're completing after a vault: prefix
if strings.Contains(toComplete, ":") {
// Complete secret names for the specified vault
const vaultSecretParts = 2
parts := strings.SplitN(toComplete, ":", vaultSecretParts)
vaultName := parts[0]
secretPrefix := parts[1]
vlt := vault.NewVault(fs, stateDir, vaultName)
secrets, err := vlt.ListSecrets()
if err == nil {
for _, secretName := range secrets {
if strings.HasPrefix(secretName, secretPrefix) {
completions = append(completions, vaultName+":"+secretName)
}
}
}
return completions, cobra.ShellCompDirectiveNoFileComp
}
// Complete vault names with ":" suffix
vaults, err := vault.ListVaults(fs, stateDir)
if err == nil {
for _, v := range vaults {
if strings.HasPrefix(v, toComplete) {
completions = append(completions, v+":")
}
}
}
// Also complete secrets from current vault (for within-vault moves)
if currentVlt, err := vault.GetCurrentVault(fs, stateDir); err == nil {
secrets, err := currentVlt.ListSecrets()
if err == nil {
for _, secretName := range secrets {
if strings.HasPrefix(secretName, toComplete) {
completions = append(completions, secretName)
}
}
}
}
return completions, cobra.ShellCompDirectiveNoSpace
}
}