[envsec] Enforce version

go.mod

@@ -7,11 +7,11 @@ require (
 	github.com/MakeNowJust/heredoc/v2 v2.0.1
 	github.com/alessio/shellescape v1.4.2
 	github.com/aws/aws-sdk-go-v2 v1.24.0
-	github.com/aws/aws-sdk-go-v2/config v1.26.1
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.12
+	github.com/aws/aws-sdk-go-v2/config v1.26.2
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.13
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.87
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.5
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.6
 	github.com/bmatcuk/doublestar/v4 v4.6.0
 	github.com/briandowns/spinner v1.23.0
 	github.com/cavaliergopher/grab/v3 v3.0.1
@@ -39,8 +39,8 @@ require (
 	github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a
 	github.com/wk8/go-ordered-map/v2 v2.1.8
 	github.com/zealic/go2node v0.1.0
-	go.jetpack.io/envsec v0.0.12-0.20231220042802-d784a6c23f33
-	go.jetpack.io/pkg v0.0.0-20231220014237-68ef53318b2e
+	go.jetpack.io/envsec v0.0.13
+	go.jetpack.io/pkg v0.0.0-20231220195442-0c2f1e897695
 	golang.org/x/exp v0.0.0-20231219180239-dc181d75b848
 	golang.org/x/mod v0.14.0
 	golang.org/x/sync v0.5.0
@@ -65,6 +65,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssm v1.44.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
 	github.com/aws/smithy-go v1.19.0 // indirect
@@ -120,7 +121,7 @@ require (
 	go.jetpack.io/typeid v1.0.0 // indirect
 	go4.org v0.0.0-20200411211856-f5505b9728dd // indirect
 	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/oauth2 v0.14.0 // indirect
+	golang.org/x/oauth2 v0.15.0 // indirect
 	golang.org/x/sys v0.15.0 // indirect
 	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0 // indirect

go.sum

@@ -50,9 +50,13 @@ github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13/go.mod h1:gpAbvyDG
 github.com/aws/aws-sdk-go-v2/config v1.18.42/go.mod h1:4AZM3nMMxwlG+eZlxvBKqwVbkDLlnN2a4UGTL6HjaZI=
 github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o=
 github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg=
+github.com/aws/aws-sdk-go-v2/config v1.26.2 h1:+RWLEIWQIGgrz2pBPAUoGgNGs1TOyF4Hml7hCnYj2jc=
+github.com/aws/aws-sdk-go-v2/config v1.26.2/go.mod h1:l6xqvUxt0Oj7PI/SUXYLNyZ9T/yBPn3YTQcJLLOdtR8=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.40/go.mod h1:VtEHVAAqDWASwdOqj/1huyT6uHbs5s8FUHfDQdky/Rs=
 github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU=
 github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.13 h1:WLABQ4Cp4vXtXfOWOS3MEZKr6AAYUpMczLhgKtAjQ/8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.13/go.mod h1:Qg6x82FXwW0sJHzYruxGiuApNo31UEtJvXVSZAXeWiw=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
@@ -81,6 +85,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4 h1:v0jkRigbSD6uOd
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4/go.mod h1:LhTyt8J04LL+9cIt7pYJ5lbS/U98ZmXovLOR/4LUsk8=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0 h1:wl5dxN1NONhTDQD9uaEvNsDRX29cBmGED/nl0jkWlt4=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0/go.mod h1:rDGMZA7f4pbmTtPOk5v5UM2lmX6UAbRnMDJeDvnH7AM=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.44.6 h1:EZw+TRx/4qlfp6VJ0P1sx04Txd9yGNK+NiO1upaXmh4=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.44.6/go.mod h1:uXndCJoDO9gpuK24rNWVCnrGNUydKFEAYAZ7UU9S0rQ=
 github.com/aws/aws-sdk-go-v2/service/sso v1.14.1/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
 github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
 github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc=
@@ -90,6 +96,8 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9b
 github.com/aws/aws-sdk-go-v2/service/sts v1.22.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 h1:HJeiuZ2fldpd0WqngyMR6KW7ofkXNLyOaHwEIGm39Cs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.6/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
 github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
 github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
@@ -367,8 +375,12 @@ github.com/zealic/go2node v0.1.0 h1:ofxpve08cmLJBwFdI0lPCk9jfwGWOSD+s6216x0oAaA=
 github.com/zealic/go2node v0.1.0/go.mod h1:GrkFr+HctXwP7vzcU9RsgtAeJjTQ6Ud0IPCQAqpTfBg=
 go.jetpack.io/envsec v0.0.12-0.20231220042802-d784a6c23f33 h1:E7PQw+0KO7LmtT2ANOql7/cpwm2pQ6OyxttIXYXSqLE=
 go.jetpack.io/envsec v0.0.12-0.20231220042802-d784a6c23f33/go.mod h1:bR8d9A7SnjABK0uvjJLRedJdFRiPOWkDoo+W374z6X4=
+go.jetpack.io/envsec v0.0.13 h1:ZtA747aKU/cjDOMwaiqybKu5HG9dly8/T0p4bxLEvK0=
+go.jetpack.io/envsec v0.0.13/go.mod h1:K+gqk7llRfXcGF4zB4WHu6m1/DocSthk4Fh6Dx71doc=
 go.jetpack.io/pkg v0.0.0-20231220014237-68ef53318b2e h1:XYnuIOYcIStIb2WG6krxtln5YlzY66+QdQU78jMAgmI=
 go.jetpack.io/pkg v0.0.0-20231220014237-68ef53318b2e/go.mod h1:3bunF5jJUIXf8vWXvu4PHWfHuDj3hgzOyhTXeoBH8Dk=
+go.jetpack.io/pkg v0.0.0-20231220195442-0c2f1e897695 h1:ttpYfHeXn9towh6MGjGbd9y+dbSvWYfu/WYoW4kRrlM=
+go.jetpack.io/pkg v0.0.0-20231220195442-0c2f1e897695/go.mod h1:3bunF5jJUIXf8vWXvu4PHWfHuDj3hgzOyhTXeoBH8Dk=
 go.jetpack.io/typeid v1.0.0 h1:8gQ+iYGdyiQ0Pr40ydSB/PzMOIwlXX5DTojp1CBeSPQ=
 go.jetpack.io/typeid v1.0.0/go.mod h1:+UPEaECUgFxgAjFPn5Yf9eO/3ft/3xZ98Eahv9JW/GQ=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -441,6 +453,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0=
 golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM=
+golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
+golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

internal/boxcli/envsec.go

@@ -6,11 +6,9 @@ package boxcli
 import (
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
-	"go.jetpack.io/devbox/internal/build"
 	"go.jetpack.io/devbox/internal/devbox"
 	"go.jetpack.io/devbox/internal/devbox/devopt"
-	"go.jetpack.io/envsec/pkg/envsec"
-	"go.jetpack.io/pkg/envvar"
+	envsecIntegration "go.jetpack.io/devbox/internal/integrations/envsec"
 )
 
 type envsecInitCmdFlags struct {
@@ -59,23 +57,10 @@ func envsecInitFunc(cmd *cobra.Command, flags envsecInitCmdFlags) error {
 	if err != nil {
 		return errors.WithStack(err)
 	}
-	envsec := defaultEnvsec(cmd, box.ProjectDir())
+	envsec := envsecIntegration.DefaultEnvsec(cmd.ErrOrStderr(), box.ProjectDir())
 	if err := envsec.NewProject(cmd.Context(), flags.force); err != nil {
 		return errors.WithStack(err)
 	}
 	box.Config().SetStringField("EnvFrom", "envsec")
 	return box.Config().SaveTo(box.ProjectDir())
 }
-
-func defaultEnvsec(cmd *cobra.Command, workingDir string) *envsec.Envsec {
-	return &envsec.Envsec{
-		APIHost: build.JetpackAPIHost(),
-		Auth: envsec.AuthConfig{
-			ClientID: envvar.Get("ENVSEC_CLIENT_ID", build.ClientID()),
-			Issuer:   envvar.Get("ENVSEC_ISSUER", build.Issuer()),
-		},
-		IsDev:      build.IsDev,
-		Stderr:     cmd.ErrOrStderr(),
-		WorkingDir: workingDir,
-	}
-}

internal/integrations/envsec/envsec.go

@@ -4,13 +4,18 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"io"
+	"os"
 	"os/exec"
 	"path/filepath"
 
 	"github.com/pkg/errors"
 	"go.jetpack.io/devbox/internal/boxcli/usererr"
+	"go.jetpack.io/devbox/internal/build"
 	"go.jetpack.io/devbox/internal/debug"
 	"go.jetpack.io/devbox/internal/devpkg/pkgtype"
+	"go.jetpack.io/envsec/pkg/envsec"
+	"go.jetpack.io/pkg/envvar"
 )
 
 var (
@@ -25,7 +30,7 @@ func Env(ctx context.Context, projectDir, environment string) (map[string]string
 		return envCache, nil
 	}
 
-	if err := ensureInitialized(ctx, projectDir); err != nil {
+	if err := ensureInitialized(projectDir); err != nil {
 		return nil, err
 	}
 
@@ -44,7 +49,7 @@ func EnsureInstalled(ctx context.Context) (string, error) {
 		return binPathCache, nil
 	}
 
-	paths, err := pkgtype.RunXClient().Install(ctx, "jetpack-io/envsec")
+	paths, err := pkgtype.RunXClient().Install(ctx, "jetpack-io/envsec@v0.0.13")
 	if err != nil {
 		return "", errors.Wrap(err, "failed to install envsec")
 	}
@@ -57,18 +62,13 @@ func EnsureInstalled(ctx context.Context) (string, error) {
 	return binPathCache, nil
 }
 
-func ensureInitialized(ctx context.Context, projectDir string) error {
-	binPath, err := EnsureInstalled(ctx)
+func ensureInitialized(projectDir string) error {
+	envsec := DefaultEnvsec(os.Stderr, projectDir)
+	_, err := envsec.ProjectConfig(projectDir)
 	if err != nil {
-		return err
-	}
-	cmd := exec.Command(binPath, "init", "--json-errors")
-	cmd.Dir = projectDir
-	var bufErr bytes.Buffer
-	cmd.Stderr = &bufErr
-
-	if err := cmd.Run(); err != nil {
-		return handleError(&bufErr, err)
+		return errors.New(
+			"envsec project is not initialized. Use `devbox envsec init` to initialize",
+		)
 	}
 	return nil
 }
@@ -118,3 +118,16 @@ func handleError(stderr *bytes.Buffer, err error) error {
 	}
 	return errors.WithStack(err)
 }
+
+func DefaultEnvsec(stderr io.Writer, workingDir string) *envsec.Envsec {
+	return &envsec.Envsec{
+		APIHost: build.JetpackAPIHost(),
+		Auth: envsec.AuthConfig{
+			ClientID: envvar.Get("ENVSEC_CLIENT_ID", build.ClientID()),
+			Issuer:   envvar.Get("ENVSEC_ISSUER", build.Issuer()),
+		},
+		IsDev:      build.IsDev,
+		Stderr:     stderr,
+		WorkingDir: workingDir,
+	}
+}