Skip to content

refactor!: remove deprecated v1 vault implementation #293

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jahvon merged 1 commit into from
Aug 13, 2025
Merged

refactor!: remove deprecated v1 vault implementation #293

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
102 changes: 0 additions & 102 deletions cmd/internal/exec.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,6 @@ import (
"github.com/flowexec/flow/internal/runner/serial"
"github.com/flowexec/flow/internal/services/store"
"github.com/flowexec/flow/internal/utils/env"
"github.com/flowexec/flow/internal/vault"
vaultV2 "github.com/flowexec/flow/internal/vault/v2"
"github.com/flowexec/flow/types/executable"
"github.com/flowexec/flow/types/workspace"
)
Expand Down Expand Up @@ -169,9 +167,6 @@ func execFunc(ctx *context.Context, cmd *cobra.Command, verb executable.Verb, ar
}
}

if ctx.Config.CurrentVault == nil || *ctx.Config.CurrentVault == vaultV2.LegacyVaultReservedName {
setAuthEnv(ctx, cmd, e, false)
}
startTime := time.Now()
eng := engine.NewExecEngine()

Expand Down Expand Up @@ -236,103 +231,6 @@ func runByRef(ctx *context.Context, cmd *cobra.Command, argsStr string) error {
return nil
}

func setAuthEnv(ctx *context.Context, _ *cobra.Command, executable *executable.Executable, force bool) {
if authRequired(ctx, executable) || force {
form, err := views.NewForm(
io.Theme(ctx.Config.Theme.String()),
ctx.StdIn(),
ctx.StdOut(),
&views.FormField{
Key: vault.EncryptionKeyEnvVar,
Title: "Enter vault encryption key",
Type: views.PromptTypeMasked,
})
if err != nil {
logger.Log().FatalErr(err)
}
if err := form.Run(ctx); err != nil {
logger.Log().FatalErr(err)
}
val := form.FindByKey(vault.EncryptionKeyEnvVar).Value()
if val == "" {
logger.Log().FatalErr(fmt.Errorf("vault encryption key required"))
}
if err := os.Setenv(vault.EncryptionKeyEnvVar, val); err != nil {
logger.Log().FatalErr(fmt.Errorf("failed to set vault encryption key\n%w", err))
}
}
}

// TODO: refactor this function to simplify the logic
//
//nolint:all
func authRequired(ctx *context.Context, rootExec *executable.Executable) bool {
if os.Getenv(vault.EncryptionKeyEnvVar) != "" {
return false
}
switch {
case rootExec.Exec != nil:
for _, param := range rootExec.Exec.Params {
if param.SecretRef != "" {
return true
}
}
case rootExec.Launch != nil:
for _, param := range rootExec.Launch.Params {
if param.SecretRef != "" {
return true
}
}
case rootExec.Request != nil:
for _, param := range rootExec.Request.Params {
if param.SecretRef != "" {
return true
}
}
case rootExec.Render != nil:
for _, param := range rootExec.Render.Params {
if param.SecretRef != "" {
return true
}
}
case rootExec.Serial != nil:
for _, param := range rootExec.Serial.Params {
if param.SecretRef != "" {
return true
}
}
for _, e := range rootExec.Serial.Execs {
if e.Ref != "" {
childExec, err := ctx.ExecutableCache.GetExecutableByRef(e.Ref)
if err != nil {
continue
}
if authRequired(ctx, childExec) {
return true
}
}
}
case rootExec.Parallel != nil:
for _, param := range rootExec.Parallel.Params {
if param.SecretRef != "" {
return true
}
}
for _, e := range rootExec.Parallel.Execs {
if e.Ref != "" {
childExec, err := ctx.ExecutableCache.GetExecutableByRef(e.Ref)
if err != nil {
continue
}
if authRequired(ctx, childExec) {
return true
}
}
}
}
return false
}

//nolint:gocognit
func pendingFormFields(
ctx *context.Context, rootExec *executable.Executable, envMap map[string]string,
Expand Down
181 changes: 59 additions & 122 deletions cmd/internal/secret.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,10 @@ import (
"github.com/flowexec/flow/internal/context"
"github.com/flowexec/flow/internal/io"
"github.com/flowexec/flow/internal/io/secret"
secretV2 "github.com/flowexec/flow/internal/io/secret/v2"
"github.com/flowexec/flow/internal/logger"
"github.com/flowexec/flow/internal/utils"
envUtils "github.com/flowexec/flow/internal/utils/env"
"github.com/flowexec/flow/internal/vault"
vaultV2 "github.com/flowexec/flow/internal/vault/v2"
"github.com/flowexec/flow/types/config"
)

Expand Down Expand Up @@ -72,22 +70,14 @@ func removeSecretFunc(ctx *context.Context, _ *cobra.Command, args []string) {
return
}

if currentVault(ctx.Config) == vaultV2.LegacyVaultReservedName {
logger.Log().Warnf("Using deprecated vault. Consider creating a new vault with 'flow vault create' command.")
v := vault.NewVault()
if err = v.DeleteSecret(reference); err != nil {
logger.Log().FatalErr(err)
}
} else {
_, v, err := vaultV2.VaultFromName(currentVault(ctx.Config))
defer v.Close()
_, v, err := vault.VaultFromName(currentVault(ctx.Config))
defer v.Close()

if err != nil {
logger.Log().FatalErr(err)
}
if err = v.DeleteSecret(reference); err != nil {
logger.Log().FatalErr(err)
}
if err != nil {
logger.Log().FatalErr(err)
}
if err = v.DeleteSecret(reference); err != nil {
logger.Log().FatalErr(err)
}

logger.Log().PlainTextSuccess(fmt.Sprintf("Secret '%s' deleted from vault", reference))
Expand Down Expand Up @@ -148,28 +138,15 @@ func setSecretFunc(ctx *context.Context, cmd *cobra.Command, args []string) {
value = strings.Join(args[1:], " ")
}

sv := vault.SecretValue(value)
vaultName := currentVault(ctx.Config)
if vaultName == vaultV2.LegacyVaultReservedName {
logger.Log().Warnf(
"Using deprecated vault '%s'. Consider creating a new vault with 'flow vault create' command.",
vaultName,
)
v := vault.NewVault()
err := v.SetSecret(reference, sv)
if err != nil {
logger.Log().FatalErr(err)
}
} else {
_, v, err := vaultV2.VaultFromName(vaultName)
defer v.Close()
_, v, err := vault.VaultFromName(vaultName)
defer v.Close()

if err != nil {
logger.Log().FatalErr(err)
}
if err = v.SetSecret(reference, vaultV2.NewSecretValue([]byte(value))); err != nil {
logger.Log().FatalErr(err)
}
if err != nil {
logger.Log().FatalErr(err)
}
if err = v.SetSecret(reference, vault.NewSecretValue([]byte(value))); err != nil {
logger.Log().FatalErr(err)
}

logger.Log().PlainTextSuccess(fmt.Sprintf("Secret %s set in vault", reference))
Expand All @@ -194,45 +171,29 @@ func listSecretFunc(ctx *context.Context, cmd *cobra.Command, _ []string) {
asPlainText := flags.ValueFor[bool](cmd, *flags.OutputSecretAsPlainTextFlag, false)
outputFormat := flags.ValueFor[string](cmd, *flags.OutputFormatFlag, false)

//nolint:nestif
if currentVault(ctx.Config) == vaultV2.LegacyVaultReservedName {
v := vault.NewVault()
secrets, err := v.GetAllSecrets()
if err != nil {
logger.Log().FatalErr(err)
}

interactiveUI := TUIEnabled(ctx, cmd)
if interactiveUI {
secret.LoadSecretListView(ctx, asPlainText)
} else {
secret.PrintSecrets(ctx, secrets, outputFormat, asPlainText)
}
} else {
name := currentVault(ctx.Config)
interactiveUI := TUIEnabled(ctx, cmd)
name := currentVault(ctx.Config)
interactiveUI := TUIEnabled(ctx, cmd)

_, v, err := vaultV2.VaultFromName(name)
defer func() {
// Don't close the vault prematurely if we're in interactive mode
go func() {
if interactiveUI {
ctx.TUIContainer.WaitForExit()
}
_ = v.Close()
}()
_, v, err := vault.VaultFromName(name)
defer func() {
// Don't close the vault prematurely if we're in interactive mode
go func() {
if interactiveUI {
ctx.TUIContainer.WaitForExit()
}
_ = v.Close()
}()
}()

if err != nil {
logger.Log().FatalErr(err)
}
if err != nil {
logger.Log().FatalErr(err)
}

if interactiveUI {
view := secretV2.NewSecretListView(ctx, v, asPlainText)
SetView(ctx, cmd, view)
} else {
secretV2.PrintSecrets(ctx, name, v, outputFormat, asPlainText)
}
if interactiveUI {
view := secret.NewSecretListView(ctx, v, asPlainText)
SetView(ctx, cmd, view)
} else {
secret.PrintSecrets(ctx, name, v, outputFormat, asPlainText)
}
}

Expand All @@ -254,65 +215,41 @@ func getSecretFunc(ctx *context.Context, cmd *cobra.Command, args []string) {
asPlainText := flags.ValueFor[bool](cmd, *flags.OutputSecretAsPlainTextFlag, false)
copyValue := flags.ValueFor[bool](cmd, *flags.CopyFlag, false)

//nolint:nestif
if currentVault(ctx.Config) == vaultV2.LegacyVaultReservedName {
logger.Log().Warnf("Using deprecated vault. Consider creating a new vault with 'flow vault create' command.")
v := vault.NewVault()
s, err := v.GetSecret(reference)
if err != nil {
logger.Log().FatalErr(err)
}
rVault, key, err := vault.RefToParts(vault.SecretRef(reference))
if err != nil {
logger.Log().FatalErr(err)
}
if rVault == "" {
rVault = currentVault(ctx.Config)
}
_, v, err := vault.VaultFromName(rVault)
defer v.Close()

if asPlainText {
logger.Log().PlainTextInfo(s.PlainTextString())
} else {
logger.Log().PlainTextInfo(s.String())
}
if err != nil {
logger.Log().FatalErr(err)
}
s, err := v.GetSecret(key)
if err != nil {
logger.Log().FatalErr(err)
}

if copyValue {
if err := clipboard.WriteAll(s.PlainTextString()); err != nil {
logger.Log().Error(err, "\nunable to copy secret value to clipboard")
} else {
logger.Log().PlainTextSuccess("\ncopied secret value to clipboard")
}
}
if asPlainText {
logger.Log().PlainTextInfo(s.PlainTextString())
} else {
rVault, key, err := vaultV2.RefToParts(vaultV2.SecretRef(reference))
if err != nil {
logger.Log().FatalErr(err)
}
if rVault == "" {
rVault = currentVault(ctx.Config)
}
_, v, err := vaultV2.VaultFromName(rVault)
defer v.Close()

if err != nil {
logger.Log().FatalErr(err)
}
s, err := v.GetSecret(key)
if err != nil {
logger.Log().FatalErr(err)
}

if asPlainText {
logger.Log().PlainTextInfo(s.PlainTextString())
logger.Log().PlainTextInfo(s.String())
}
if copyValue {
if err := clipboard.WriteAll(s.PlainTextString()); err != nil {
logger.Log().Error(err, "\nunable to copy secret value to clipboard")
} else {
logger.Log().PlainTextInfo(s.String())
}
if copyValue {
if err := clipboard.WriteAll(s.PlainTextString()); err != nil {
logger.Log().Error(err, "\nunable to copy secret value to clipboard")
} else {
logger.Log().PlainTextSuccess("\ncopied secret value to clipboard")
}
logger.Log().PlainTextSuccess("\ncopied secret value to clipboard")
}
}
}

func currentVault(cfg *config.Config) string {
if cfg.CurrentVault == nil || *cfg.CurrentVault == "" {
return vaultV2.LegacyVaultReservedName
if cfg.CurrentVault == nil {
return ""
}
return *cfg.CurrentVault
}
Loading
Loading