(#22 ) Add holos create secret --data-stdin flag

This patch enables quickly copying secrets from vault to the provisioner cluster. For example: vault kv get -format=json -field data kv/k2/kube-namespace/ceph-csi-rbd/csi-rbd-secret \ | holos create secret --namespace ceph-system csi-rbd-secret --data-stdin --append-hash=false
2026-03-19 16:54:58 +00:00 · 2024-02-28 15:29:32 -08:00
3 changed files with 23 additions and 3 deletions
--- a/pkg/cli/secret/create.go
+++ b/pkg/cli/secret/create.go
@@ -7,6 +7,7 @@ import (
 	"github.com/holos-run/holos/pkg/logger"
 	"github.com/holos-run/holos/pkg/wrapper"
 	"github.com/spf13/cobra"
+	"io"
 	"io/fs"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -27,6 +28,7 @@ func NewCreateCmd(hc *holos.Config) *cobra.Command {
 	flagSet.Var(&cfg.files, "from-file", "store files as keys in the secret")
 	cfg.dryRun = flagSet.Bool("dry-run", false, "dry run")
 	cfg.appendHash = flagSet.Bool("append-hash", true, "append hash to kubernetes secret name")
+	cfg.dataStdin = flagSet.Bool("data-stdin", false, "read data field as json from stdin if")

 	cmd.Flags().SortFlags = false
 	cmd.Flags().AddGoFlagSet(flagSet)
@@ -46,8 +48,9 @@ func makeCreateRunFunc(hc *holos.Config, cfg *config) command.RunFunc {
 				APIVersion: "v1",
 			},
 			ObjectMeta: metav1.ObjectMeta{
-				Name:   secretName,
-				Labels: map[string]string{NameLabel: secretName},
+				Name:      secretName,
+				Namespace: *cfg.namespace,
+				Labels:    map[string]string{NameLabel: secretName},
 			},
 			Data: make(secretData),
 		}
@@ -60,6 +63,22 @@ func makeCreateRunFunc(hc *holos.Config, cfg *config) command.RunFunc {
 			}
 		}

+		if *cfg.dataStdin {
+			log.InfoContext(ctx, "reading data keys from stdin...")
+			var obj map[string]string
+			data, err := io.ReadAll(hc.Stdin())
+			if err != nil {
+				return wrapper.Wrap(err)
+			}
+			err = yaml.Unmarshal(data, &obj)
+			if err != nil {
+				return wrapper.Wrap(err)
+			}
+			for k, v := range obj {
+				secret.Data[k] = []byte(v)
+			}
+		}
+
 		for _, file := range cfg.files {
 			if err := filepath.WalkDir(file, makeWalkFunc(secret.Data, file)); err != nil {
 				return wrapper.Wrap(err)
--- a/pkg/cli/secret/secret.go
+++ b/pkg/cli/secret/secret.go
@@ -17,6 +17,7 @@ type config struct {
 	extract    *bool
 	dryRun     *bool
 	appendHash *bool
+	dataStdin  *bool
 	cluster    *string
 	namespace  *string
 	extractTo  *string
--- a/pkg/version/embedded/patch
+++ b/pkg/version/embedded/patch
@@ -1 +1 @@
-0
+1