Skip to content

WIP: type/provider to manage secrets #94

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
trefzer wants to merge 10 commits into
base: master
Choose a base branch
from
Draft

WIP: type/provider to manage secrets #94

trefzer wants to merge 10 commits into from

Conversation

@trefzer
Copy link
Contributor

@trefzer trefzer commented Dec 1, 2025

add type and provider to manage secrets.
Theoretically you can choose another driver than the default file, but I did not test that.

@trefzer trefzer added the enhancement New feature or request label Dec 1, 2025
@trefzer trefzer marked this pull request as draft December 1, 2025 22:29
@trefzer trefzer changed the title type/provider to manage secrets WIP: type/provider to manage secrets Dec 1, 2025
@trefzer trefzer force-pushed the dev_cirrax branch 3 times, most recently from 1256c8c to 9c93346 Compare December 2, 2025 21:17
@trefzer trefzer force-pushed the dev_cirrax branch 3 times, most recently from 729a3f7 to 91d1c75 Compare December 3, 2025 20:33
@trefzer trefzer force-pushed the dev_cirrax branch 4 times, most recently from 94d59bf to 3cf9d5d Compare December 5, 2025 20:47
@bastelfreak
Copy link
Member

bastelfreak commented Dec 5, 2025

@traylenator could you have a look here please?

@trefzer trefzer force-pushed the dev_cirrax branch 2 times, most recently from bf84808 to a2b88e2 Compare December 5, 2025 21:30
@traylenator
Copy link
Collaborator

traylenator commented Dec 8, 2025
edited
Loading

Had a play with this doing CRUD of secrets for root: and user:

Also with a deferred function e.g.

quadlets_secret{'foobar:quiet':
  secret => Deferred('oursecrets::get',['yoursecret']),
  labels => {'foo' => 'bar'},
}
Notice: /Stage[main]/Hg_playground::New/Quadlets_secret[foobar:quiet]/secret: changed [redacted] to [redacted]

I agree the title of user:secretname makes sense - that is the unique key to all secrets.

Everything working really well.

@trefzer
Copy link
Contributor Author

trefzer commented Dec 8, 2025
edited
Loading

everything but these *#@!&.... acceptance tests ;(
(I think for root secrets, it's working beside the check (which I will have a look again), for user secrets, I deleted the test because they never worked).

alexjfisher
alexjfisher reviewed Dec 8, 2025
View reviewed changes
lib/puppet/provider/quadlets_secret/podman.rb
commands podman: 'podman'

def should_user
@should_user || @should_user = resource[:name].split(':')[0]
Copy link
Member

@alexjfisher alexjfisher Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we uninventing composite namevars here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexjfisher alexjfisher alexjfisher left review comments

@traylenator traylenator Awaiting requested review from traylenator

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@trefzer @bastelfreak @traylenator @alexjfisher