MCPcopy
hub / github.com/roboll/helmfile / DecryptSecret

Method DecryptSecret

pkg/helmexec/exec.go:251–348  ·  view source on GitHub ↗
(context HelmContext, name string, flags ...string)

Source from the content-addressed store, hash-verified

249}
250
251func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...string) (string, error) {
252 absPath, err := filepath.Abs(name)
253 if err != nil {
254 return "", err
255 }
256
257 helm.logger.Debugf("Preparing to decrypt secret %v", absPath)
258 helm.decryptedSecretMutex.Lock()
259
260 secret, ok := helm.decryptedSecrets[absPath]
261
262 // Cache miss
263 if !ok {
264
265 secret = &decryptedSecret{}
266 helm.decryptedSecrets[absPath] = secret
267
268 secret.mutex.Lock()
269 defer secret.mutex.Unlock()
270 helm.decryptedSecretMutex.Unlock()
271
272 helm.logger.Infof("Decrypting secret %v", absPath)
273 preArgs := context.GetTillerlessArgs(helm)
274 env := context.getTillerlessEnv()
275 out, err := helm.exec(append(append(preArgs, "secrets", "dec", absPath), flags...), env)
276 helm.info(out)
277 if err != nil {
278 secret.err = err
279 return "", err
280 }
281
282 // HELM_SECRETS_DEC_SUFFIX is used by the helm-secrets plugin to define the output file
283 decSuffix := os.Getenv("HELM_SECRETS_DEC_SUFFIX")
284 if len(decSuffix) == 0 {
285 decSuffix = ".yaml.dec"
286 }
287
288 // helm secrets replaces the extension with its suffix ONLY when the extension is ".yaml"
289 var decFilename string
290 if strings.HasSuffix(absPath, ".yaml") {
291 decFilename = strings.Replace(absPath, ".yaml", decSuffix, 1)
292 } else {
293 decFilename = absPath + decSuffix
294 }
295
296 secretBytes, err := ioutil.ReadFile(decFilename)
297 if err != nil {
298 secret.err = err
299 return "", err
300 }
301 secret.bytes = secretBytes
302
303 if err := os.Remove(decFilename); err != nil {
304 return "", err
305 }
306
307 } else {
308 // Cache hit

Callers

nothing calls this directly

Calls 7

execMethod · 0.95
infoMethod · 0.95
AbsMethod · 0.80
GetTillerlessArgsMethod · 0.80
getTillerlessEnvMethod · 0.80
ReadFileMethod · 0.45
WriteMethod · 0.45

Tested by

no test coverage detected