-
Notifications
You must be signed in to change notification settings - Fork 302
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dynamically set redacted vars #2396
Comments
Thanks for raising this @ChrisBr, I think it makes more sense to have Implementing this feature will require some delicate changes to how the redactor works, which we think are possible but don't plan to flesh out in detail right now. We suggest, if anyone wants to take this up,
|
@ChrisBr I'm about to introduce an agent command that would allow you to add values to the redactor during a running job. I think it will work with your ejson use case. Something like ejson decrypt foo.ejson | buildkite-agent redactor add --format json should work if the ejson is flat, though it will also redact the values beginning with If you have nesting in your ejson, then I think it will be relatively straightforward to extend this to add nested values to the redactor too. LMK if you would like me to take a look, though I might do that in a separate PR. |
@triarius that's great, thanks. Redacting We probably have nesting in the ejson files. What's the format the redactor expects? Can we just give it a list of keys in JSON format? If so we can probably just format it ourselves? |
Currently, just string valued JSON. So if {
"_public_key": "63ccf05a9492e68e12eeb1c705888aebdcc0080af7e594fc402beb24cce9d14f",
"_database_username": "1234username",
"database_password": "hunter2"
} then But if the JSON object has arrays, objects, boolean values etc, it won't work.
Not as it's currently written. The accepted formats will have limited configurability. One thing you might be able to do once this is merged is to use {
"_public_key": "63ccf05a9492e68e12eeb1c705888aebdcc0080af7e594fc402beb24cce9d14f",
"databases": [
{
"siamese": {
"_username": "1234username",
"password": "hunter2"
}
},
{
"persian": {
"_username": "1234username",
"password": "hunter3"
}
}
]
} Then the jq expression: jq 'tostream | select(length == 2) | {(.[0] | join(".")): .[1]}' | jq -s add should flatten it to become: {
"_public_key": "63ccf05a9492e68e12eeb1c705888aebdcc0080af7e594fc402beb24cce9d14f",
"databases.0.siamese._username": "1234username",
"databases.0.siamese.password": "hunter2",
"databases.1.persian._username": "1234username",
"databases.1.persian.password": "hunter3"
} Piping this into |
Yup that should work 👍 Thanks for working on this. |
As part of our bootstrap process we decrypt ejson files. It would be great if we could dynamically update the redacted vars after we decrypted the ejson files with the keys in it.
Something like
The text was updated successfully, but these errors were encountered: