[secrets] Implement ls, set, rm secrets (#1713)

## Summary

Implements `secrets list`, `secrets set`, and `secrets rm`.

Removed dependency on envsec binary.

Renamed `envsec` commands to `secrets`

TODO:  Improve envsec interface to avoid having to use embedded struct. 

## How was it tested?

```
devbox secrets list
devbox secrets set foo=bar
devbox secrets set foo=barprod --environment prod
devbox run echo $\foo
devbox ls --environment prod
```

Author: mikeland73

go.mod

@@ -39,8 +39,8 @@ require (
 	github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a
 	github.com/wk8/go-ordered-map/v2 v2.1.8
 	github.com/zealic/go2node v0.1.0
-	go.jetpack.io/envsec v0.0.14
-	go.jetpack.io/pkg v0.0.0-20240105000320-7495266e9298
+	go.jetpack.io/envsec v0.0.16-0.20240109233012-3e97a7fe973f
+	go.jetpack.io/pkg v0.0.0-20240108193620-a28b84329d15
 	golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
 	golang.org/x/mod v0.14.0
 	golang.org/x/sync v0.5.0
@@ -76,7 +76,7 @@ require (
 	github.com/bodgit/windows v1.0.0 // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/charmbracelet/lipgloss v0.9.1 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/codeclysm/extract/v3 v3.1.1 // indirect
 	github.com/connesc/cipherio v0.2.1 // indirect
 	github.com/coreos/go-oidc/v3 v3.7.0 // indirect

go.sum

@@ -126,8 +126,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/cloudflare/ahocorasick v0.0.0-20210425175752-730270c3e184 h1:8yL+85JpbwrIc6m+7N1iYrjn/22z68jwrTIBOJHNe4k=
 github.com/cloudflare/ahocorasick v0.0.0-20210425175752-730270c3e184/go.mod h1:tGWUZLZp9ajsxUOnHmFFLnqnlKXsCn6GReG4jAD59H0=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
-github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
-github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/codeclysm/extract/v3 v3.1.1 h1:iHZtdEAwSTqPrd+1n4jfhr1qBhUWtHlMTjT90+fJVXg=
 github.com/codeclysm/extract/v3 v3.1.1/go.mod h1:ZJi80UG2JtfHqJI+lgJSCACttZi++dHxfWuPaMhlOfQ=
 github.com/connesc/cipherio v0.2.1 h1:FGtpTPMbKNNWByNrr9aEBtaJtXjqOzkIXNYJp6OEycw=
@@ -378,10 +378,10 @@ github.com/yuin/gopher-lua v0.0.0-20190514113301-1cd887cd7036/go.mod h1:gqRgreBU
 github.com/zaffka/mongodb-boltdb-mock v0.0.0-20221014194232-b4bb03fbe3a0/go.mod h1:GsDD1qsG+86MeeCG7ndi6Ei3iGthKL3wQ7PTFigDfNY=
 github.com/zealic/go2node v0.1.0 h1:ofxpve08cmLJBwFdI0lPCk9jfwGWOSD+s6216x0oAaA=
 github.com/zealic/go2node v0.1.0/go.mod h1:GrkFr+HctXwP7vzcU9RsgtAeJjTQ6Ud0IPCQAqpTfBg=
-go.jetpack.io/envsec v0.0.14 h1:lUrCQzqqxPxvju1vJzk4XVX7ZEkvJC39CGDOMD7R+U0=
-go.jetpack.io/envsec v0.0.14/go.mod h1:1/39qYH1kaYUEFCt0E6ZdbKZCCbipzdbl/N9MTNvS+0=
-go.jetpack.io/pkg v0.0.0-20240105000320-7495266e9298 h1:gVrmcVJ2MPKrjnZHJ/Zx4jFpebhze1+EHxSBgMy9JnU=
-go.jetpack.io/pkg v0.0.0-20240105000320-7495266e9298/go.mod h1:3bunF5jJUIXf8vWXvu4PHWfHuDj3hgzOyhTXeoBH8Dk=
+go.jetpack.io/envsec v0.0.16-0.20240109233012-3e97a7fe973f h1:ELgyeQw+eZn0BSSlhLnBkC7wTrYbluTsYx6vPa0YTds=
+go.jetpack.io/envsec v0.0.16-0.20240109233012-3e97a7fe973f/go.mod h1:8U0fUaXMaoNRqz8J7VaV8kP7N7hayJ9tqOd9OS0epEQ=
+go.jetpack.io/pkg v0.0.0-20240108193620-a28b84329d15 h1:ztX3CydpNKLePPMRmWgdi4HcxE/AXY6HViOJOmmYNiA=
+go.jetpack.io/pkg v0.0.0-20240108193620-a28b84329d15/go.mod h1:kGUL8aZ7ddvoGro0AQxXos9GKn5Qw0J18qW7d5FP4Ws=
 go.jetpack.io/typeid v1.0.0 h1:8gQ+iYGdyiQ0Pr40ydSB/PzMOIwlXX5DTojp1CBeSPQ=
 go.jetpack.io/typeid v1.0.0/go.mod h1:+UPEaECUgFxgAjFPn5Yf9eO/3ft/3xZ98Eahv9JW/GQ=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

internal/boxcli/auth.go

@@ -10,7 +10,8 @@ import (
 
 	"github.com/spf13/cobra"
 	"go.jetpack.io/devbox/internal/build"
-	"go.jetpack.io/devbox/internal/integrations/envsec"
+	"go.jetpack.io/devbox/internal/devbox"
+	"go.jetpack.io/devbox/internal/devbox/devopt"
 	"go.jetpack.io/pkg/auth"
 	"go.jetpack.io/pkg/auth/session"
 )
@@ -84,8 +85,15 @@ func whoAmICmd() *cobra.Command {
 			if err != nil {
 				return err
 			}
-			return envsec.DefaultEnvsec(cmd.ErrOrStderr(), wd).
-				WhoAmI(cmd.Context(), cmd.OutOrStdout(), false)
+			box, err := devbox.Open(&devopt.Opts{Dir: wd, Stderr: cmd.ErrOrStderr()})
+			if err != nil {
+				return err
+			}
+			secrets, err := box.Secrets(cmd.Context())
+			if err != nil {
+				return err
+			}
+			return secrets.WhoAmI(cmd.Context(), cmd.OutOrStdout(), false)
 		},
 	}
 

internal/boxcli/config.go

@@ -18,7 +18,7 @@ func (flags *configFlags) register(cmd *cobra.Command) {
 		&flags.path, "config", "c", "", "path to directory containing a devbox.json config file",
 	)
 	cmd.Flags().StringVar(
-		&flags.environment, "environment", "dev", "environment to use, when supported (e.g. envsec supports dev, prod, preview.)",
+		&flags.environment, "environment", "dev", "environment to use, when supported (e.g.secrets support dev, prod, preview.)",
 	)
 }
 
@@ -27,7 +27,7 @@ func (flags *configFlags) registerPersistent(cmd *cobra.Command) {
 		&flags.path, "config", "c", "", "path to directory containing a devbox.json config file",
 	)
 	cmd.PersistentFlags().StringVar(
-		&flags.environment, "environment", "dev", "environment to use, when supported (e.g. envsec supports dev, prod, preview.)",
+		&flags.environment, "environment", "dev", "environment to use, when supported (e.g. secrets support dev, prod, preview.)",
 	)
 }
 

internal/boxcli/envsec.go

@@ -61,7 +61,7 @@ func RootCmd() *cobra.Command {
 		command.AddCommand(authCmd())
 	}
 	command.AddCommand(createCmd())
-	command.AddCommand(envsecCmd())
+	command.AddCommand(secretsCmd())
 	command.AddCommand(generateCmd())
 	command.AddCommand(globalCmd())
 	command.AddCommand(infoCmd())

internal/boxcli/root.go

@@ -0,0 +1,212 @@
+// Copyright 2023 Jetpack Technologies Inc and contributors. All rights reserved.
+// Use of this source code is governed by the license in the LICENSE file.
+
+package boxcli
+
+import (
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+	"go.jetpack.io/devbox/internal/devbox"
+	"go.jetpack.io/devbox/internal/devbox/devopt"
+	"go.jetpack.io/envsec/pkg/envsec"
+)
+
+type secretsFlags struct {
+	config configFlags
+}
+
+type secretsInitCmdFlags struct {
+	force bool
+}
+
+type secretsListFlags struct {
+	show   bool
+	format string
+}
+
+func secretsCmd() *cobra.Command {
+	flags := &secretsFlags{}
+	cmd := &cobra.Command{
+		Use:               "secrets",
+		Aliases:           []string{"envsec"},
+		Short:             "Interact with devbox secrets in jetpack cloud.",
+		PersistentPreRunE: ensureNixInstalled,
+	}
+	cmd.AddCommand(secretsInitCmd(flags))
+	cmd.AddCommand(secretsListCmd(flags))
+	cmd.AddCommand(secretsRemoveCmd(flags))
+	cmd.AddCommand(secretsSetCmd(flags))
+	cmd.Hidden = true
+
+	flags.config.registerPersistent(cmd)
+
+	return cmd
+}
+
+func secretsInitCmd(secretsFlags *secretsFlags) *cobra.Command {
+	flags := secretsInitCmdFlags{}
+	cmd := &cobra.Command{
+		Use:   "init",
+		Short: "Initialize secrets management with jetpack cloud",
+		Args:  cobra.ExactArgs(0),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return secretsInitFunc(cmd, flags, secretsFlags)
+		},
+	}
+
+	cmd.Flags().BoolVarP(
+		&flags.force,
+		"force",
+		"f",
+		false,
+		"Force initialization even if already initialized",
+	)
+
+	return cmd
+}
+
+func secretsSetCmd(flags *secretsFlags) *cobra.Command {
+	return &cobra.Command{
+		Use:   "set <NAME1>=<value1> [<NAME2>=<value2>]...",
+		Short: "Securely store one or more environment variables",
+		Long:  "Securely store one or more environment variables. To test contents of a file as a secret use set=@<file>",
+		Args:  cobra.MinimumNArgs(1),
+		PreRunE: func(cmd *cobra.Command, args []string) error {
+			return envsec.ValidateSetArgs(args)
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			ctx := cmd.Context()
+			box, err := devbox.Open(&devopt.Opts{
+				Dir:         flags.config.path,
+				Environment: flags.config.environment,
+				Stderr:      cmd.ErrOrStderr(),
+			})
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			secrets, err := box.Secrets(ctx)
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			envID, err := secrets.EnvID()
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			return secrets.SetFromArgs(ctx, envID, args)
+		},
+	}
+}
+
+func secretsRemoveCmd(flags *secretsFlags) *cobra.Command {
+	return &cobra.Command{
+		Use:     "remove <NAME1> [<NAME2>]...",
+		Short:   "Remove one or more environment variables",
+		Aliases: []string{"rm"},
+		Args:    cobra.MinimumNArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			ctx := cmd.Context()
+			box, err := devbox.Open(&devopt.Opts{
+				Dir:         flags.config.path,
+				Environment: flags.config.environment,
+				Stderr:      cmd.ErrOrStderr(),
+			})
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			secrets, err := box.Secrets(ctx)
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			envID, err := secrets.EnvID()
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			return secrets.DeleteAll(ctx, envID, args...)
+		},
+	}
+}
+
+func secretsListCmd(commonFlags *secretsFlags) *cobra.Command {
+	flags := secretsListFlags{}
+	cmd := &cobra.Command{
+		Use:     "list",
+		Aliases: []string{"ls"},
+		Short:   "List all secrets",
+		Args:    cobra.ExactArgs(0),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			ctx := cmd.Context()
+			box, err := devbox.Open(&devopt.Opts{
+				Dir:         commonFlags.config.path,
+				Environment: commonFlags.config.environment,
+				Stderr:      cmd.ErrOrStderr(),
+			})
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			secrets, err := box.Secrets(ctx)
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			envID, err := secrets.EnvID()
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			vars, err := secrets.List(ctx, envID)
+			if err != nil {
+				return err
+			}
+
+			return envsec.PrintEnvVars(
+				vars, cmd.OutOrStdout(), flags.show, flags.format)
+		},
+	}
+
+	cmd.Flags().BoolVarP(
+		&flags.show,
+		"show",
+		"s",
+		false,
+		"Display secret values in plaintext",
+	)
+	cmd.Flags().StringVarP(
+		&flags.format,
+		"format",
+		"f",
+		"table",
+		"Display the key values of each secret in the specified format, one of: table | dotenv | json.",
+	)
+	return cmd
+}
+
+func secretsInitFunc(
+	cmd *cobra.Command,
+	flags secretsInitCmdFlags,
+	secretsFlags *secretsFlags,
+) error {
+	ctx := cmd.Context()
+	box, err := devbox.Open(&devopt.Opts{
+		Dir:    secretsFlags.config.path,
+		Stderr: cmd.ErrOrStderr(),
+	})
+	if err != nil {
+		return errors.WithStack(err)
+	}
+	secrets, err := box.Secrets(ctx)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+	if err := secrets.NewProject(ctx, flags.force); err != nil {
+		return errors.WithStack(err)
+	}
+	box.Config().SetStringField("EnvFrom", "envsec")
+	return box.Config().SaveTo(box.ProjectDir())
+}