Merge pull request #33 from edwinavalos/accessible-secrets

Implement exportSecrets
8 years ago · b45f2b597f
2 changed files with 34 additions and 0 deletions
--- a/DOCS.md
+++ b/DOCS.md
@ -187,3 +187,26 @@ pipeline:
      app_version: 1.0.0
    parallelism: 2
 ```
+
+## Remote configuration
+
+If you are configuring an s3 remote state and require S3 environment secrets you add the secrets "FOO" and "BAR" to your drone environment and reference the secrets as follows. These will not be outputted to stdout.
+
+```yaml
+pipeline:
+  terraform:
+    image: jmccann/drone-terraform:0.5
+    plan: false
+    remote:
+      backend: S3
+      config:
+        bucket: my-terraform-config-bucket
+        key: tf-states/my-project
+        region: us-east-1
+    vars:
+      app_name: my-project
+      app_version: 1.0.0
+    secrets:
+      AWS_ACCESS_KEY_ID: FOO
+      AWS_SECRET_ACCESS_KEY: BAR
+```
--- a/plugin.go
+++ b/plugin.go
@ -44,6 +44,11 @@ func (p Plugin) Exec() error {
 	}

 	var commands []*exec.Cmd
+
+	if len(p.Config.Secrets) != 0 {
+		exportSecrets(p.Config.Secrets)
+	}
+
 	remote := p.Config.Remote
 	if p.Config.Cacert != "" {
 		commands = append(commands, installCaCert(p.Config.Cacert))
@ -94,6 +99,12 @@ func installCaCert(cacert string) *exec.Cmd {
 	)
 }

+func exportSecrets(secrets map[string]string) {
+	for k, v := range secrets {
+		os.Setenv(fmt.Sprintf("%s", k), fmt.Sprintf("%s", os.Getenv(v)))
+	}
+}
+
 func deleteCache() *exec.Cmd {
 	return exec.Command(
 		"rm",