github.com/tooploox/oya@v0.0.21-0.20230524103240-1cda1861aad6/features/secrets.feature

Feature: Manage Secrets for oya

Background:
  Given I'm in project dir

Scenario: It loads values from secrets.oya if present
  Given file ./Oyafile containing
    """
    Project: Secrets
    Values:
      foo: bar

    all: |
      echo ${Oya[foo]}
      echo ${Oya[bar]}
    """
  And file ./secrets.oya containing
    """
    bar: banana
    """
  And I run "oya secrets encrypt secrets.oya"
  When I run "oya run all"
  Then the command succeeds
  And the command outputs
  """
  bar
  banana

  """

Scenario: Encrypts secrets file
  Given file ./secrets.oya containing
    """
    foo: SECRETPHRASE
    """
  When I run "oya secrets encrypt secrets.oya"
  Then the command succeeds
  And file ./secrets.oya does not contain
    """
    SECRETPHRASE
    """

Scenario: Views secrets file
  Given file ./secrets.oya containing
    """
    foo: SECRETPHRASE
    """
  Then file ./secrets.oya contains
    """
    foo: SECRETPHRASE
    """
  And I run "oya secrets encrypt secrets.oya"
  Then the command succeeds
  When I run "oya secrets view secrets.oya"
  Then the command succeeds
  And the command outputs
  """
  foo: SECRETPHRASE
  """

Scenario: It correctly merges secrets
  Given file ./Oyafile containing
    """
    Project: Secrets
    Values:
      foo:
        bar: xxx
        baz: apple

    all: |
      echo ${Oya[foo.bar]}
      echo ${Oya[foo.baz]}
      echo ${Oya[foo.qux]}
    """
  And file ./secrets.oya containing
    """
    foo:
      bar: banana
      qux: peach
    """
  And I run "oya secrets encrypt secrets.oya"
  When I run "oya run all"
  Then the command succeeds
  And the command outputs
  """
  banana
  apple
  peach

  """

Scenario: It can quickly generate and import PGP key
  Given file ./Oyafile containing
    """
    Project: Secrets
    all: |
      echo ${Oya[foo.bar]}
      echo ${Oya[foo.baz]}
    """
  And file ./secrets2.oya containing
    """
    foo:
      bar: banana
      baz: peach
    """
  And the SOPS_PGP_FP environment variable set to ""
  When I run "oya secrets init --name 'Oya test key' --email 'oya@example.com'"
  And I run "oya secrets encrypt secrets2.oya"
  And I run "oya run all"
  Then the command succeeds
  And the command outputs
  """
  banana
  peach

  """
  And secrets2.oya is encrypted using PGP key in .sops.yaml