added capability for temporary files

Author: Alexander Weber

crates/secenv/src/args.rs

@@ -58,6 +58,7 @@ pub(crate) enum Command {
         manifest: Manifest,
         profile_name: String,
         command: Option<Vec<String>>,
+        force: bool,
     },
     Init {
         path: PathBuf,
@@ -131,6 +132,13 @@ impl ClapArgumentLoader {
                             .required(false)
                             .default_value("default"),
                     )
+                    .arg(
+                        clap::Arg::new("force")
+                            .short('f')
+                            .long("force")
+                            .action(clap::ArgAction::SetTrue)
+                            .help("Overwrite existing files defined in the manifest"),
+                    )
                     .arg(
                         clap::Arg::new("command")
                             .help("Command to execute with environment variables set")
@@ -204,11 +212,13 @@ impl ClapArgumentLoader {
             let command = subc
                 .get_many::<String>("command")
                 .map(|values| values.cloned().collect::<Vec<String>>());
+            let force = subc.get_flag("force");
 
             Command::Unlock {
                 manifest: cfg,
                 profile_name: profile_name.clone(),
                 command,
+                force,
             }
         } else if let Some(subc) = command.subcommand_matches("init") {
             let config_path = Self::get_absolute_path(subc, "path")?;

crates/secenv/src/main.rs

@@ -15,6 +15,7 @@ use {
     std::{
         collections::HashMap,
         process::Command,
+        path::Path,
     },
 };
 
@@ -42,11 +43,7 @@ async fn main() -> Result<()> {
             crate::reference::build_shell_completion(&path, &shell)?;
             Ok(())
         },
-        | crate::args::Command::Unlock {
-            manifest,
-            profile_name,
-            command,
-        } => {
+        | crate::args::Command::Unlock { manifest, profile_name, command, force } => {
             let mut env_vars = HashMap::new();
             let mut pgp_manager = crate::pgp::PgpManager::new().context("Failed to initialize PGP manager")?;
 
@@ -56,7 +53,7 @@ async fn main() -> Result<()> {
                 .with_context(|| format!("Profile '{}' not found in manifest", profile_name))?;
 
             for (key, value) in profile.env.vars.iter() {
-                match value.get_value(&mut pgp_manager) {
+                match value.inner.get_value(&mut pgp_manager) {
                     | Ok(val) => {
                         env_vars.insert(key.clone(), val);
                     },
@@ -67,16 +64,68 @@ async fn main() -> Result<()> {
                 }
             }
 
-            match command {
+            // Prepare files from manifest before running command
+            let mut created_files: Vec<String> = Vec::new();
+            for (file_path, content) in profile.files.iter() {
+                let absolute_path = Path::new(file_path);
+                if absolute_path.exists() && !force {
+                    return Err(anyhow::anyhow!(
+                        "File '{}' already exists. Use --force to overwrite.",
+                        absolute_path.display()
+                    ));
+                }
+
+                let value = content.inner.get_value(&mut pgp_manager)?;
+                if let Some(parent) = absolute_path.parent() {
+                    std::fs::create_dir_all(parent)
+                        .with_context(|| format!("Failed to create directories for {}", absolute_path.display()))?;
+                }
+                std::fs::write(&absolute_path, value)
+                    .with_context(|| format!("Failed to write file: {}", absolute_path.display()))?;
+                created_files.push(absolute_path.to_string_lossy().to_string());
+            }
+
+            let exec_status: Result<Option<std::process::ExitStatus>> = match command {
                 | Some(cmd_args) if !cmd_args.is_empty() => {
-                    execute_command_with_env(&cmd_args, &env_vars, &profile.env.keep)
+                    let status = execute_command_with_env(&cmd_args, &env_vars, &profile.env.keep)?;
+                    Ok(Some(status))
                 },
                 | _ => {
                     for (key, value) in env_vars {
                         println!("{}={}", key, value);
                     }
+                    Ok(None)
+                },
+            };
+
+            // Cleanup files after command execution or printing envs
+            let mut cleanup_error: Option<anyhow::Error> = None;
+            for file in created_files.iter() {
+                if let Err(e) = std::fs::remove_file(file) {
+                    cleanup_error = Some(anyhow::anyhow!(
+                        "Failed to remove file '{}': {}",
+                        file,
+                        e
+                    ));
+                }
+            }
+
+            if let Some(err) = cleanup_error {
+                eprintln!("{}", err);
+            }
+
+            match exec_status? {
+                | Some(status) => {
+                    if !status.success() {
+                        if let Some(code) = status.code() {
+                            std::process::exit(code);
+                        } else {
+                            std::process::exit(1);
+                        }
+                    }
                     Ok(())
                 },
+                | None => Ok(()),
             }
         },
         | args::Command::Init { path, force } => {
@@ -144,7 +193,7 @@ fn execute_command_with_env(
     cmd_args: &[String],
     env_vars: &HashMap<String, String>,
     keep_env_vars: &Option<Vec<String>>,
-) -> Result<()> {
+) -> Result<std::process::ExitStatus> {
     if cmd_args.is_empty() {
         return Err(anyhow::anyhow!("No command provided"));
     }
@@ -187,13 +236,5 @@ fn execute_command_with_env(
         .status()
         .with_context(|| format!("Failed to execute command: {}", program))?;
 
-    if !status.success() {
-        if let Some(code) = status.code() {
-            std::process::exit(code);
-        } else {
-            std::process::exit(1);
-        }
-    }
-
-    Ok(())
+    Ok(status)
 }

crates/secenv/src/manifest.rs

@@ -70,33 +70,45 @@ pub struct SecretWrapper {
 #[serde(rename_all = "snake_case")]
 pub struct Manifest {
     pub version: String,
+    #[serde(default)]
     pub profiles: HashMap<String, ManifestProfile>,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[serde(rename_all = "snake_case")]
 pub struct ManifestProfile {
+    #[serde(default)]
+    pub files: HashMap<String, ContentWrapper>,
+    #[serde(default)]
     pub env: ManifestEnv,
 }
 
-#[derive(Debug, Clone, Serialize, Deserialize)]
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
 #[serde(rename_all = "snake_case")]
 pub struct ManifestEnv {
     #[serde(default)]
     pub keep: Option<Vec<String>>,
-    pub vars: HashMap<String, ManifestEnvVar>,
+    #[serde(default)]
+    pub vars: HashMap<String, ContentWrapper>,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[serde(rename_all = "snake_case")]
-pub enum ManifestEnvVar {
+pub enum Content {
     Plain(EncodedValue),
     Secure {
         secret: SecretWrapper,
         value: EncodedValueWrapper,
     },
 }
 
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub struct ContentWrapper {
+    #[serde(flatten)]
+    pub inner: Content,
+}
+
 impl EncodedValue {
     pub fn get_value(&self) -> Result<String, anyhow::Error> {
         match self {
@@ -139,11 +151,11 @@ impl SecretAllocation {
     }
 }
 
-impl ManifestEnvVar {
+impl Content {
     pub fn get_value(&self, pgp_manager: &mut crate::pgp::PgpManager) -> Result<String, anyhow::Error> {
         match self {
-            | ManifestEnvVar::Plain(encoded_value) => encoded_value.get_value(),
-            | ManifestEnvVar::Secure { secret, value } => {
+            | Content::Plain(encoded_value) => encoded_value.get_value(),
+            | Content::Secure { secret, value } => {
                 let encrypted_data = value.inner.get_value()?;
 
                 match &secret.inner {

secenv.conf

@@ -1,18 +1,25 @@
 version = "0.0.0"
 
-vars.secret = {
+vars.secret {
   pgp.gpg.fingerprint = "1E1BAC706C352094D490D5393F5167F1F3002043"
 }
 
 profiles {
   default {
+    files {
+      "./secret.key" {
+        secure {
+          secret = ${vars.secret}
+          value.base64 = "LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgpoRjREclVCb0ttMWo1ZjhTQVFkQU8zL0p4RENQL1pWWHN0MGtXM0Zybmpydm5OT2Jrb0JXUldrcDVBbmJHMU13Ci9TK0kybE1ObW81MDQ0aDFYNGYyWTRneVM2SnhLbGkyYWJWSVFVUEVNVENLckR0dHhVTkFUNWp2cFk3amo0dlgKMGtZQktCLzc5dHJXdnNTd0hhMG5tbVJHcGlzUVp0SnFtYmNPM04wSkd3Kzl1STRYMW5kUE50S1JhWUJxRDd2QQpGdHk1TXNLNExjWHQ4NHNUUFBjOG0yVE85UzRtSzRoTAo9bHdMYgotLS0tLUVORCBQR1AgTUVTU0FHRS0tLS0tCg=="
+        }
+      }
+    }
     env.vars {
       SECRET_TOKEN.secure {
         secret = ${vars.secret}
         value.base64 = "LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgpoRjREclVCb0ttMWo1ZjhTQVFkQU8zL0p4RENQL1pWWHN0MGtXM0Zybmpydm5OT2Jrb0JXUldrcDVBbmJHMU13Ci9TK0kybE1ObW81MDQ0aDFYNGYyWTRneVM2SnhLbGkyYWJWSVFVUEVNVENLckR0dHhVTkFUNWp2cFk3amo0dlgKMGtZQktCLzc5dHJXdnNTd0hhMG5tbVJHcGlzUVp0SnFtYmNPM04wSkd3Kzl1STRYMW5kUE50S1JhWUJxRDd2QQpGdHk1TXNLNExjWHQ4NHNUUFBjOG0yVE85UzRtSzRoTAo9bHdMYgotLS0tLUVORCBQR1AgTUVTU0FHRS0tLS0tCg=="
       }
-
-      APP_NAME.plain.literal = "myapp"
     }
+    env.vars.APP_NAME.plain.literal = "myapp"
   }
 }