feat: Require Vault set up for first-time setup so all passed in secrets can be encrypted right off the bat

This commit is contained in:
2025-10-27 12:00:27 -06:00
parent 6f77b3f46e
commit b49a27f886
12 changed files with 75 additions and 22 deletions
+20
View File
@@ -1,5 +1,7 @@
mod utils;
use std::path::PathBuf;
pub use utils::create_vault_password_file;
pub use utils::interpolate_secrets;
use crate::cli::Cli;
@@ -21,6 +23,17 @@ pub struct Vault {
}
impl Vault {
pub fn init_bare() -> Self {
let vault_password_file = Config::default().vault_password_file();
let local_provider = LocalProvider {
password_file: Some(vault_password_file),
git_branch: None,
..LocalProvider::default()
};
Self { local_provider }
}
pub fn init(config: &Config) -> Self {
let vault_password_file = config.vault_password_file();
let mut local_provider = LocalProvider {
@@ -35,6 +48,13 @@ impl Vault {
Self { local_provider }
}
pub fn password_file(&self) -> Result<PathBuf> {
self.local_provider
.password_file
.clone()
.with_context(|| "A password file is required for the local provider")
}
pub fn add_secret(&self, secret_name: &str) -> Result<()> {
let secret_value = Password::new("Enter the secret value:")
.with_validator(required!())