kjuulh/dagger
Archived
1
0
Fork 0
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity
This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
cf0505614f
dagger/docs/core-concepts/1204-secrets.md

89 lines
2.2 KiB
Markdown
Raw Normal View History

Add the must-have pages for the Europa release The goal is to capture the shape of the new docs. It is not meant to be final, but it should be as close as possible. We only want the bare minimum for new users that on-board with Dagger Europa. As soon as the new europaSidebar replaces replaces the existing one, the previous docs will still remain available - doc IDs are unique and permanent. We will do this by simply changing the default `slug: /` to point to the Europa Docs entrypoint, which is doc 1200. Helpful Docusaurus link re multiple sidebars: https://docusaurus.io/docs/sidebar/multiple-sidebars The new pages are numbered from `1200` onwards. This is meant to reflect the `0.2.0` Dagger version. This numbering felt more meaningful than just continuing to increment existing numbers. I didn't want to be "wasteful" with the digits and start at `2000`, but that was my first instinct. I am keen on getting this live on https://docs.dagger.io/1200/local-ci. Anything that is not in production, is inventory. Inventory is bad. The goal is to allow anyone that has a link to get a feel for the new docs as soon as possible, so that we can all see how they improve in real-time, and steer them continuously towards the desired state. We should be aware of the timeline, and not muck about, but instead evaluate constantly how close are we to "flipping the switch". Remember, the best releases are those where switches are flipped (e.g. `--europa)`. The feature will have been out there for weeks (maybe even months), improved by talking to users and then one day realising that we are done, and just enabling it by default. It's the same principle behind these docs. Signed-off-by: Gerhard Lazu <gerhard@lazu.co.uk>
2022-02-07 23:16:01 +01:00
---
slug: /1204/secrets
Add link to Europa docs So that it's easy for anyone to jump to the new docs that we are currently working on, and intend to replace the existing docs with. While I would have preferred to link to the local dev page, it's still stuck in the PR state, currently blocked on another PR: https://github.com/dagger/dagger/pull/1586 Also added a link to the pre-Europa docs, so that it's easy to go back. While at it, drop "Sidebar" from the name of sidebars, and replace tutorial with a more descriptive name. Signed-off-by: Gerhard Lazu <gerhard@lazu.co.uk>
2022-03-03 16:05:07 +01:00
displayed_sidebar: europa
Add the must-have pages for the Europa release The goal is to capture the shape of the new docs. It is not meant to be final, but it should be as close as possible. We only want the bare minimum for new users that on-board with Dagger Europa. As soon as the new europaSidebar replaces replaces the existing one, the previous docs will still remain available - doc IDs are unique and permanent. We will do this by simply changing the default `slug: /` to point to the Europa Docs entrypoint, which is doc 1200. Helpful Docusaurus link re multiple sidebars: https://docusaurus.io/docs/sidebar/multiple-sidebars The new pages are numbered from `1200` onwards. This is meant to reflect the `0.2.0` Dagger version. This numbering felt more meaningful than just continuing to increment existing numbers. I didn't want to be "wasteful" with the digits and start at `2000`, but that was my first instinct. I am keen on getting this live on https://docs.dagger.io/1200/local-ci. Anything that is not in production, is inventory. Inventory is bad. The goal is to allow anyone that has a link to get a feel for the new docs as soon as possible, so that we can all see how they improve in real-time, and steer them continuously towards the desired state. We should be aware of the timeline, and not muck about, but instead evaluate constantly how close are we to "flipping the switch". Remember, the best releases are those where switches are flipped (e.g. `--europa)`. The feature will have been out there for weeks (maybe even months), improved by talking to users and then one day realising that we are done, and just enabling it by default. It's the same principle behind these docs. Signed-off-by: Gerhard Lazu <gerhard@lazu.co.uk>
2022-02-07 23:16:01 +01:00
---
# How to use secrets
Add new Client API Signed-off-by: Helder Correia <174525+helderco@users.noreply.github.com>
2022-03-07 14:12:39 +01:00
Most operations in `client` support handling secrets (see [Interacting with the client](./1203-client.md)). More specifically, you can:
- Write a secret to a file;
- Read a secret from a file;
- Read a secret from an environment variable;
- Read a secret from the output of a command;
- Use a secret as the input of a command.
## Environmnet
The simplest use case is reading from an environment variable:
```cue
dagger.#Plan & {
client: env: GITHUB_TOKEN: dagger.#Secret
}
```
## File
You may need to trim the whitespace, especially when reading from a file:
```cue
dagger.#Plan & {
// Path may be absolute, or relative to current working directory
client: filesystem: ".registry": read: {
// CUE type defines expected content
contents: dagger.#Secret
}
actions: {
registry: dagger.#TrimSecret & {
input: client.filesystem.".registry".read.contents
}
pull: docker.#Pull & {
source: "myprivate/image"
auth: {
username: "_token_"
secret: registry.output
}
}
}
}
```
## SOPS
Theres many ways to store encrypted secrets in your git repository. If you use [SOPS](https://github.com/mozilla/sops), here's a simple example where you can access keys from an encrypted yaml file:
```yaml title="secrets.yaml"
myToken: ENC[AES256_GCM,data:AlUz7g==,iv:lq3mHi4GDLfAssqhPcuUIHMm5eVzJ/EpM+q7RHGCROU=,tag:dzbT5dEGhMnHbiRTu4bHdg==,type:str]
sops:
...
```
```cue title="main.cue"
dagger.#Plan & {
client: commands: sops: {
name: "sops"
args: ["-d", "./secrets.yaml"]
stdout: dagger.#Secret
}
actions: {
// Makes the yaml keys easily accessible
secrets: dagger.#DecodeSecret & {
input: client.commands.sops.stdout
format: "yaml"
}
run: docker.#Run & {
mounts: secret: {
dest: "/run/secrets/token"
contents: secrets.output.myToken
}
// Do something with `/run/secrets/token`
...
}
}
}
```
Reference in New Issue Copy Permalink