[envsec] Ensure build environment is the same (#1703)

## Summary

This is combined with jetify-com/opensource#251
to ensure devbox and envsec environments are always the same.

Otherwise, when using dev devbox, it will install a prod envsec and
environments won't match which causes issues because dev environment
uses a different authentication issuer so keys are not compatible.

## How was it tested?

Author: mikeland73

internal/devbox/devbox.go

@@ -883,8 +883,7 @@ func (d *Devbox) computeEnv(ctx context.Context, usePrintDevEnvCache bool) (map[
 		env["PATH"],
 	)
 
-	env["PATH"], err = d.addUtilitiesToPath(ctx, env["PATH"])
-	if err != nil {
+	if err = d.addUtilitiesToEnv(ctx, env); err != nil {
 		return nil, err
 	}
 

internal/devbox/util.go

@@ -10,6 +10,7 @@ import (
 	"path/filepath"
 
 	"github.com/pkg/errors"
+	"go.jetpack.io/devbox/internal/build"
 	"go.jetpack.io/devbox/internal/integrations/envsec"
 	"go.jetpack.io/devbox/internal/nix/nixprofile"
 
@@ -34,22 +35,26 @@ func (d *Devbox) addDevboxUtilityPackage(ctx context.Context, pkg string) error
 	})
 }
 
-// addDevboxUtilityPackages adds binaries that we want the user to have access
-// to (e.g. envsec).
+// addUtilitiesToEnv adds binaries that we want the user to have access
+// to (e.g. envsec) and associated env vars.
 // Question: Should we add utilityBinPath here? That would allow user to use
 // process-compose, etc
-func (d *Devbox) addUtilitiesToPath(
+func (d *Devbox) addUtilitiesToEnv(
 	ctx context.Context,
-	path string,
-) (string, error) {
+	env map[string]string,
+) error {
 	if d.cfg.IsEnvsecEnabled() {
 		envsecPath, err := envsec.EnsureInstalled(ctx)
 		if err != nil {
-			return "", err
+			return err
+		}
+		env["PATH"] = env["PATH"] + string(os.PathListSeparator) + filepath.Dir(envsecPath)
+		if build.IsDev {
+			// Ensure that devbox and envsec build envs are the same
+			env["ENVSEC_BUILD_ENV"] = "dev"
 		}
-		path = path + string(os.PathListSeparator) + filepath.Dir(envsecPath)
 	}
-	return path, nil
+	return nil
 }
 
 func utilityLookPath(binName string) (string, error) {

internal/integrations/envsec/envsec.go

@@ -49,7 +49,7 @@ func EnsureInstalled(ctx context.Context) (string, error) {
 		return binPathCache, nil
 	}
 
-	paths, err := pkgtype.RunXClient().Install(ctx, "jetpack-io/[email protected].14")
+	paths, err := pkgtype.RunXClient().Install(ctx, "jetpack-io/[email protected].15")
 	if err != nil {
 		return "", errors.Wrap(err, "failed to install envsec")
 	}
@@ -87,6 +87,11 @@ func envsecList(
 		"--environment", environment,
 		"--json-errors")
 	cmd.Dir = projectDir
+	if build.IsDev {
+		// Ensure that devbox and envsec build envs are the same
+		cmd.Env = append(os.Environ(), "ENVSEC_BUILD_ENV=dev")
+	}
+
 	var bufErr bytes.Buffer
 	cmd.Stderr = &bufErr
 	out, err := cmd.Output()