feat: display only secret keys (#151)

resolves #131
jonasvinther · Aug 23, 2024 · 87d5079 · 87d5079
1 parent 54db519
commit 87d5079
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -125,6 +125,7 @@ Medusa import will take a [vault path] with [flags]
 
 ```
   Flags:
+      --display-keys-only    Display only keys of secrets but not their values
   -e, --encrypt              Encrypt the exported Vault data
   -m, --engine-type string   Specify the secret engine type [kv1|kv2] (default "kv2")
   -f, --format string        Specify the export format [yaml|json] (default "yaml")

diff --git a/cmd/export.go b/cmd/export.go
@@ -17,6 +17,7 @@ func init() {
 	exportCmd.PersistentFlags().BoolP("encrypt", "e", false, "Encrypt the exported Vault data")
 	exportCmd.PersistentFlags().StringP("public-key", "p", "", "Location of the RSA public key")
 	exportCmd.PersistentFlags().StringP("engine-type", "m", "kv2", "Specify the secret engine type [kv1|kv2]")
+	exportCmd.PersistentFlags().BoolP("display-keys-only", "", false, "Display only keys of secrets but not their values")
 }
 
 var exportCmd = &cobra.Command{
@@ -37,6 +38,7 @@ var exportCmd = &cobra.Command{
 		doEncrypt, _ := cmd.Flags().GetBool("encrypt")
 		exportFormat, _ := cmd.Flags().GetString("format")
 		output, _ := cmd.Flags().GetString("output")
+		keysOnly, _ := cmd.Flags().GetBool("display-keys-only")
 
 		client := vaultengine.NewClient(vaultAddr, vaultToken, insecure, namespace, vaultRole, kubernetes, authPath)
 		engine, path, err := client.MountpathSplitPrefix(path)
@@ -54,6 +56,13 @@ var exportCmd = &cobra.Command{
 			return err
 		}
 
+		if keysOnly {
+			err = removeValues(exportData)
+			if err != nil {
+				return err
+			}
+		}
+
 		// Convert export to json or yaml
 		var data []byte
 		switch exportFormat {
@@ -113,3 +122,19 @@ var exportCmd = &cobra.Command{
 		return nil
 	},
 }
+
+func removeValues(exportData vaultengine.Folder) error {
+	for k, v := range exportData {
+		switch r := v.(type) {
+		case vaultengine.Folder:
+			removeValues(r)
+		case map[string]interface{}:
+			removeValues(r)
+		case string:
+			exportData[k] = "********"
+		default:
+			return errors.New(fmt.Sprintf("Unknown type %T", r))
+		}
+	}
+	return nil
+}