Add driver-args

jkroepke · Feb 19, 2021 · a702f47 · a702f47
1 parent aa20582
commit a702f47
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 6 deletions.
diff --git a/scripts/commands/help.sh b/scripts/commands/help.sh
@@ -3,7 +3,7 @@
 set -euf
 
 help_usage() {
-    cat <<EOF
+    cat <<'EOF'
 Secrets encryption in Helm Charts
 
 This plugin provides ability to encrypt/decrypt secrets files
@@ -24,5 +24,10 @@ Available Commands:
   dir     Get plugin directory
   <cmd>   wrapper that decrypts encrypted yaml files before running helm <cmd>
 
+Available Options:
+  --quiet       -q  Suppress info messages (env: $HELM_SECRETS_QUIET)
+  --driver      -d  Secret driver to use for decryption or encryption (env: $HELM_SECRETS_DRIVER)
+  --driver-args -a  Additional args for secret driver (env: $HELM_SECRETS_DRIVER_ARGS)
+  --help        -h  Show help
 EOF
 }
diff --git a/scripts/drivers/sops.sh b/scripts/drivers/sops.sh
@@ -2,6 +2,11 @@
 
 _SOPS="${HELM_SECRETS_SOPS_BIN:-sops}"
 
+_sops() {
+    set -- "$@" "${SECRET_DRIVER_ARGS}"
+    $_SOPS "$@"
+}
+
 driver_is_file_encrypted() {
     input="${1}"
 
@@ -14,9 +19,9 @@ driver_encrypt_file() {
     output="${3}"
 
     if [ "${input}" = "${output}" ]; then
-        $_SOPS --encrypt --input-type "${type}" --output-type "${type}" --in-place "${input}"
+        _sops --encrypt --input-type "${type}" --output-type "${type}" --in-place "${input}"
     else
-        $_SOPS --encrypt --input-type "${type}" --output-type "${type}" --output "${output}" "${input}"
+        _sops --encrypt --input-type "${type}" --output-type "${type}" --output "${output}" "${input}"
     fi
 }
 
@@ -27,15 +32,15 @@ driver_decrypt_file() {
     output="${3:-}"
 
     if [ "${output}" != "" ]; then
-        $_SOPS --decrypt --input-type "${type}" --output-type "${type}" --output "${output}" "${input}"
+        _sops --decrypt --input-type "${type}" --output-type "${type}" --output "${output}" "${input}"
     else
-        $_SOPS --decrypt --input-type "${type}" --output-type "${type}" "${input}"
+        _sops --decrypt --input-type "${type}" --output-type "${type}" "${input}"
     fi
 }
 
 driver_edit_file() {
     type="${1}"
     input="${2}"
 
-    $_SOPS --input-type yaml --output-type yaml "${input}"
+    _sops --input-type yaml --output-type yaml "${input}"
 }
diff --git a/scripts/run.sh b/scripts/run.sh
@@ -13,6 +13,8 @@ QUIET="${HELM_SECRETS_QUIET:-false}"
 
 # Define the secret driver engine
 SECRET_DRIVER="${HELM_SECRETS_DRIVER:-sops}"
+# Define the secret driver engine
+SECRET_DRIVER_ARGS="${HELM_SECRETS_DRIVER_ARGS:-}"
 
 # The suffix to use for decrypted files. The default can be overridden using
 # the HELM_SECRETS_DEC_SUFFIX environment variable.
@@ -122,6 +124,10 @@ while true; do
         # shellcheck disable=SC2034
         QUIET=true
         ;;
+    --driver-args | -a)
+        # shellcheck disable=SC2034
+        SECRET_DRIVER_ARGS="$2"
+        ;;
     "")
         # shellcheck source=scripts/commands/help.sh
         . "${SCRIPT_DIR}/commands/help.sh"