envsecrets / envsecrets Goto Github PK

You can already export the key-values of a certain version of secret to a .env file.

But we need to provide this functionality on the dashboard as well.

Is your feature request related to a problem? Please describe.
In Mac finder we don't usually discover .env files directly, thus the option to drag and drop the file becomes essential.

Instead of having admins invite every single user in the organisation, let users auto-join based on the domain of an org.

The current Supabase integration relies on personal access tokens. We need to shift this integration to the new Oauth2 flow that Supabase has launched.

• Reference Link
• Secrets Management API

Enable TOTP based MFA for individual users.

Shift from the current GraphQL client being used in Go server to the hasura/go-graphql-client one.

Objective

Manage and mutate secrets directly from your VS Code sidebar.

Features

• CRUD operations on secrets for every environment.
• Options to reveal/mutate value whenever user hovers on their language specific os.Getenv command. Use LSPs for this.
• (Optional) Launch new shells in VSCode with populated/exposed key-value pairs without making the user run their process in the envs run -- wrapper.

References

• https://code.visualstudio.com/api/get-started/your-first-extension
• https://code.visualstudio.com/api/language-extensions/programmatic-language-features

Is your feature request related to a problem? Please describe.
At present the Railway Integration just allows sync for shared variables and not for service specific env variables, we should also have that option.

Strategy

1. Build a k8 operator and ask the user to install the operator in their cluster.
2. The operator should poll envsecrets API with required credentials.

Allow users to change their passwords from inside the platform if they remember their current passwords.

This would entail generating new protection keys for the user encrypted with an argon2i key derived from their new password.

Scan the codebase for accidentally exposed/hard-coded secrets before committing the code.

Use a pre-commit hook to achieve this.

Objective

Allow users to update secrets in their deployed Nhost apps directly from envsecrets.

Strategy

1. Ask users to create a personal access token from their Nhost account.
2. Authenticate against the Nhost's platform API and update secrets using this GraphQL mutation.

Objective

Forward sync secrets with a Hasura Cloud project.

Strategy

1. Ask users to create an access token on their Hasura Cloud project.
2. Use that token to authenticate against the Hasura Cloud API to update the environment variables. Link of mutation.

Tracking issue for:

• https://github.com/envsecrets/envsecrets/security/code-scanning/2

Describe the bug
After creating a new project, it only reflects on the platform after refreshing it.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

Users should be able to reference other keys in values of secrets.

For example, set the following pairs:

• API=https://api.example.com
• AUTH_URL=${API}/auth

Every time the value of AUTH_URL is decrypted, it should be revealed as: https://api.example.com/auth.

Objective

Forward sync secrets with a Railway project.

Strategy

1. Ask user to generate a personal access token from their Railway account.
2. Paste the token in envsecrets connection configuration.
3. Call the upsert variables mutation in Railyway's GraphQL server.

Describe the bug
2FA showing error even after it succeeded, shows "incorrect OTP"