Skip to content

feat: add -a, --active-only to export secrets#119

Open
brycentrivir wants to merge 2 commits into
mainfrom
feature/active-only-flag-addition
Open

feat: add -a, --active-only to export secrets#119
brycentrivir wants to merge 2 commits into
mainfrom
feature/active-only-flag-addition

Conversation

@brycentrivir

Copy link
Copy Markdown

Adds the -a flag to config-manager pull secrets.
Changes within file:

  • Removed getFrConfigSecrets function as it only added the valueBase64 property which is never used again and rewritten again later in cleanSecret.
  • Implemented use of helper function esvToEnv from utils/FrConfig
  • Original FR-CM code simply counts versions from 1 up to versions.length which may be a bug. I change it to match the response with highest version count first and counts down, not including any destroyed versions.
  • Original FR-CM has an environment variable 'ACTIVE_ONLY_SECRETS' set to true, so the -a flag is defaulted on. Frodo's version of CM will not include that but rely on usage of the flag. Users default exported JSON will now be different than previously.

@phalestrivir phalestrivir left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You forgot to run npm run lint:fix (that's how I caught the console.log that you left in)

Also, I would update the config-manager-export-all test's mock and snapshot. This is because, if the test was passing under normal circumstances, it would be failing now as a result of your change since you changed how the ESV secrets get exported to now include versions. The tests are failing due to other changes too, so fixing the test would fix both those issues as well as the issue caused by updating the ESV secrets. You should be able to just re-record the mock for it and update the snapshot and then it will pass.

Comment thread src/configManagerOps/FrConfigSecretOps.ts Outdated
Comment thread src/configManagerOps/FrConfigSecretOps.ts Outdated
const [secretKey] = Object.keys(exportData.secret);
const fullSecret = exportData.secret[secretKey] as FrConfigSecret;
const cleanSecret = {
const cleanSecret: CleanSecretInterface = {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of using your own interfaces, I would do Partial<SecretSkeleton>, this will avoid typechecker errors, and it's correct in that it is a partial implementation of the SecretSkeleton interface

Comment on lines 20 to 37
type FrConfigSecret = SecretSkeleton & {
valueBase64: string;
};

async function getFrConfigSecrets(): Promise<FrConfigSecret[]> {
const originalSecrets = await readSecrets();
return originalSecrets.map((secret) => ({
...secret,
valueBase64: `\${${secret._id.toUpperCase().replace(/-/g, '_')}}`,
}));
interface CleanSecretVersionInterface {
version: string;
status: VersionOfSecretStatus;
valueBase64: string;
}

interface CleanSecretInterface {
_id: string;
description: string;
encoding: SecretEncodingType;
useInPlaceholders: boolean;
valueBase64?: string;
versions?: CleanSecretVersionInterface[];
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would delete these interfaces/types as they are not necessary (see my other comment)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need to do a full re-recording of the pull all mock, not just update the snapshot. Yes, the test is "passing" now, but you see it deleted all ESV secrets from the snapshot. That's because it's erroring out due to missing mock recordings, so it's not actually testing ESV secrets anymore as it should. If you try running the command for this test using FRODO_MOCK=1 you'd start seeing all the recording errors.

@brycentrivir brycentrivir force-pushed the feature/active-only-flag-addition branch from 7c94222 to 5c7cb8c Compare July 14, 2026 21:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants