chronark/envshare

CLI tool for more use-cases

Mahmoudgalalz opened this issue ยท 9 comments

          I would like to create the CLI, I have a previous expreiance to build it, also consider the options

That I told you about that, api can response text
As we could make it export the env and inject them to the system or we can leave this to the CLI,

This is would make a point for us cause there's no tool for that

Originally posted by @Mahmoudgalalz in #3 (comment)

Yes, I think building a cli is the next step after the API

I've had a great experience using oclif to build a CLI in the past

Probably I would split this up into different packages and manage it using turborepo

/apps/web // current nextjs app
/apps/cli
/packages/encryption

Or similar

I can take a better look tonight

I would like to start with you, we should cosider the size of it and its performance, some CI/CD tools as pricing as pay as you go, so we should cosider that, let me know to collaborate in this together ๐Ÿฆ€

So just brainstorming the CLI functionality here.
One would probably use it something like this:

envshare share some-pre-encrypted-secret --reads=999 --ttl=7 --units=days
and get a response like...

URL: https://envshare.dev/unseal#{id}
Id: {id}
Expires In: 7 days
Expires At: January 24, 2023 19:41:33 (UTC)
Reads: 999

and maybe can do

envshare unseal --id={id}
And receive a response like

Secret: some-decrypted-secret
Remaining Reads: 998

Does that look sound right for the functionality or were you guys planning something else? ๐Ÿค”

for the cli tool, actually we need to export them directly to the system, and the developer should be able to share env file
and the purpose of the cli tool, just to config a server, the seal and unseal will happen between a Developer and an Instance (server)
envshare share --file ./src/.env --reads=10 --ttl=7 -d

.env

DATABASE_URL=postgres://dwdw-dswd.com
API_URL=https://api.com/api

the unseal, would be like
envshare inject {id}
if the variables, doesn't have export we should put it after each newLine, and then output

env that got injected

DATABASE_URL
API_URL

envshare get {id}

this one will output the regular output and he can do any thing later like grep then assign it to a variable etc.

There should be 2 groups right now I think

  • env share ...: upload pre-encrypted data with ttl and reads
  • env encrypt: generate key on the client, encrypt and upload the encrypted data + iv, then display the id and full link

@Mahmoudgalalz

I would like to start with you, we should cosider the size of it and its performance, some CI/CD tools as pricing as pay as > you go, so we should cosider that, let me know to collaborate in this together ๐Ÿฆ€

Sounds good, what did you have in mind?

Also let's consider the use of piping entire .env files

$ cat .env | env encrypt --ttl=500` --reads=20

Key: ""
ID: ""
Url: ""
... etc

Also a --json flag would be very good to return the data in machine readable format for CI

we will consider using go, as its good to distribute, also I will start building it, we will rely on the api, so the API should have the options

and anything else will be within the CLI

haha I was about to mention go with cobra for example
I love using that

api is ready btw, check the readme for the api contract

I will, and I will mention you when I setup everything and make the first req from the CLI