Skip to content

Commit

Permalink
Add --pristine to exec command (#173)
Browse files Browse the repository at this point in the history 
This commit adds the `--pristine` flag to only use secretes retrieved
from the backend when launching the child process. This prevents leaking
the host's environment to the child process.
  • Loading branch information
@nhocki @nickatsegment
nhocki authored and nickatsegment committed Nov 20, 2018
1 parent f55b7d2 commit b12d154
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion cmd/exec.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ import (
analytics "gopkg.in/segmentio/analytics-go.v3"
)

// When true, only use variables retrieved from the backend, do not inherit existing environment variables
var pristine bool

// execCmd represents the exec command
var execCmd = &cobra.Command{
Use: "exec <service...> -- <command> [<arg...>]",
Expand All @@ -32,6 +35,7 @@ var execCmd = &cobra.Command{
}

func init() {
execCmd.Flags().BoolVar(&pristine, "pristine", false, "only use variables retrieved from the backend, do not inherit existing environment variables")
RootCmd.AddCommand(execCmd)
}

Expand All @@ -51,7 +55,11 @@ func execRun(cmd *cobra.Command, args []string) error {
})
}

env := environ.Environ(os.Environ())
env := environ.Environ{}
if !pristine {
env = environ.Environ(os.Environ())
}

secretStore, err := getSecretStore()
if err != nil {
return errors.Wrap(err, "Failed to get secret store")
Expand Down

0 comments on commit b12d154

Please sign in to comment.