Skip to content

Commit

Permalink
Add env flags to run command.
Browse files Browse the repository at this point in the history
Signed-off-by: Matthias Glastra <[email protected]>
  • Loading branch information
matglas committed Nov 15, 2024
1 parent 49066a4 commit 05edea4
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
8 changes: 7 additions & 1 deletion cmd/run.go
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,13 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
ro.StepName,
witness.RunWithSigners(signers...),
witness.RunWithAttestors(attestors),
witness.RunWithAttestationOpts(attestation.WithWorkingDir(ro.WorkingDir), attestation.WithHashes(roHashes)),
witness.RunWithAttestationOpts(
attestation.WithWorkingDir(ro.WorkingDir),
attestation.WithHashes(roHashes),
attestation.WithEnvCapturer(
ro.EnvAddSensitiveKeys, ro.EnvExcludeSensitiveKeys, ro.EnvDisableSensitiveVars, ro.EnvFilterSensitiveVars,
),
),
witness.RunWithTimestampers(timestampers...),
)
if err != nil {
Expand Down
10 changes: 10 additions & 0 deletions options/run.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,10 @@ type RunOptions struct {
Tracing bool
TimestampServers []string
AttestorOptSetters map[string][]func(attestation.Attestor) (attestation.Attestor, error)
EnvFilterSensitiveVars bool
EnvDisableSensitiveVars bool
EnvAddSensitiveKeys []string
EnvExcludeSensitiveKeys []string
}

var RequiredRunFlags = []string{
Expand All @@ -57,6 +61,12 @@ func (ro *RunOptions) AddFlags(cmd *cobra.Command) {
cmd.Flags().BoolVarP(&ro.Tracing, "trace", "r", false, "Enable tracing for the command")
cmd.Flags().StringSliceVarP(&ro.TimestampServers, "timestamp-servers", "t", []string{}, "Timestamp Authority Servers to use when signing envelope")

// Environment variables flags
cmd.Flags().BoolVarP(&ro.EnvFilterSensitiveVars, "env-filter-sensitive-vars", "", false, "Switch from obfuscate to filtering variables which removes them from the output completely.")
cmd.Flags().BoolVarP(&ro.EnvDisableSensitiveVars, "env-disable-default-sensitive-vars", "", false, "Disable the default list of sensitive vars and only use the items mentioned by --add-sensitive-key.")
cmd.Flags().StringSliceVar(&ro.EnvAddSensitiveKeys, "env-add-sensitive-key", []string{}, "Add keys or globs (e.g. '*TEXT') to the list of sensitive environment keys.")
cmd.Flags().StringSliceVar(&ro.EnvExcludeSensitiveKeys, "env-exclude-sensitive-key", []string{}, "Exclude specific keys from the list of sensitive environment keys. Note: This does not support globs.")

cmd.MarkFlagsRequiredTogether(RequiredRunFlags...)

attestationRegistrations := attestation.RegistrationEntries()
Expand Down

0 comments on commit 05edea4

Please sign in to comment.