I need to use secretspec from:
- containerized pipelines (Dagger)
- GitHub Actions
Both use cases imply I can't do secretspec run, instead, I would like to first invoke secretspec to fetch the secrets and prepare the environment for other tooling.
I believe this could be achieved by a new secretspec export command. It could take a --format argument, taking shell (default, so eval $(secretspec export) just works), dotenv, json, and gha (for env masking in GitHub Actions) options.
How does it sound @domenkozar ?
For reference, this is what --format gha would output:
::add-mask::very-secret
export DB_PASSWORD=very-secret
secretspec export --format gha could be used to build an official GitHub Action on top of it.
I need to use
secretspecfrom:Both use cases imply I can't do
secretspec run, instead, I would like to first invokesecretspecto fetch the secrets and prepare the environment for other tooling.I believe this could be achieved by a new
secretspec exportcommand. It could take a--formatargument, takingshell(default, soeval $(secretspec export)just works),dotenv,json, andgha(for env masking in GitHub Actions) options.How does it sound @domenkozar ?
For reference, this is what
--format ghawould output:secretspec export --format ghacould be used to build an official GitHub Action on top of it.