(context HelmContext, name string, flags ...string)
| 249 | } |
| 250 | |
| 251 | func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...string) (string, error) { |
| 252 | absPath, err := filepath.Abs(name) |
| 253 | if err != nil { |
| 254 | return "", err |
| 255 | } |
| 256 | |
| 257 | helm.logger.Debugf("Preparing to decrypt secret %v", absPath) |
| 258 | helm.decryptedSecretMutex.Lock() |
| 259 | |
| 260 | secret, ok := helm.decryptedSecrets[absPath] |
| 261 | |
| 262 | // Cache miss |
| 263 | if !ok { |
| 264 | |
| 265 | secret = &decryptedSecret{} |
| 266 | helm.decryptedSecrets[absPath] = secret |
| 267 | |
| 268 | secret.mutex.Lock() |
| 269 | defer secret.mutex.Unlock() |
| 270 | helm.decryptedSecretMutex.Unlock() |
| 271 | |
| 272 | helm.logger.Infof("Decrypting secret %v", absPath) |
| 273 | preArgs := context.GetTillerlessArgs(helm) |
| 274 | env := context.getTillerlessEnv() |
| 275 | out, err := helm.exec(append(append(preArgs, "secrets", "dec", absPath), flags...), env) |
| 276 | helm.info(out) |
| 277 | if err != nil { |
| 278 | secret.err = err |
| 279 | return "", err |
| 280 | } |
| 281 | |
| 282 | // HELM_SECRETS_DEC_SUFFIX is used by the helm-secrets plugin to define the output file |
| 283 | decSuffix := os.Getenv("HELM_SECRETS_DEC_SUFFIX") |
| 284 | if len(decSuffix) == 0 { |
| 285 | decSuffix = ".yaml.dec" |
| 286 | } |
| 287 | |
| 288 | // helm secrets replaces the extension with its suffix ONLY when the extension is ".yaml" |
| 289 | var decFilename string |
| 290 | if strings.HasSuffix(absPath, ".yaml") { |
| 291 | decFilename = strings.Replace(absPath, ".yaml", decSuffix, 1) |
| 292 | } else { |
| 293 | decFilename = absPath + decSuffix |
| 294 | } |
| 295 | |
| 296 | secretBytes, err := ioutil.ReadFile(decFilename) |
| 297 | if err != nil { |
| 298 | secret.err = err |
| 299 | return "", err |
| 300 | } |
| 301 | secret.bytes = secretBytes |
| 302 | |
| 303 | if err := os.Remove(decFilename); err != nil { |
| 304 | return "", err |
| 305 | } |
| 306 | |
| 307 | } else { |
| 308 | // Cache hit |