Skip to content

Commit dc2064c

Browse files
johnnyfishjohnnyfish
authored
fix: add codex secret type and --file flag for secrets create (#71)
1 parent 7fdd59c commit dc2064c

2 files changed

Lines changed: 44 additions & 10 deletions

File tree

cmd/onecli/org_secrets.go

Lines changed: 22 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@ package main
33
import (
44
"encoding/json"
55
"fmt"
6+
"os"
7+
"strings"
68

79
"github.com/onecli/onecli-cli/internal/api"
810
"github.com/onecli/onecli-cli/pkg/output"
@@ -45,8 +47,9 @@ func (c *OrgSecretsListCmd) Run(out *output.Writer) error {
4547
// OrgSecretsCreateCmd is `onecli org secrets create`.
4648
type OrgSecretsCreateCmd struct {
4749
Name string `required:"" help:"Display name for the secret."`
48-
Type string `required:"" help:"Secret type: 'anthropic', 'openai', or 'generic'."`
49-
Value string `required:"" help:"Secret value (e.g. API key)."`
50+
Type string `required:"" help:"Secret type: 'anthropic', 'openai', 'codex', or 'generic'."`
51+
Value string `optional:"" help:"Secret value (e.g. API key). Required unless --file is provided."`
52+
File string `optional:"" name:"file" type:"existingfile" help:"Read secret value from a file (e.g. ~/.codex/auth.json)."`
5053
HostPattern string `required:"" name:"host-pattern" help:"Host pattern to match (e.g. 'api.anthropic.com')."`
5154
PathPattern string `optional:"" name:"path-pattern" help:"Path pattern to match (e.g. '/v1/*')."`
5255
HeaderName string `optional:"" name:"header-name" help:"Header name for injection (e.g. 'Authorization')."`
@@ -64,13 +67,27 @@ func (c *OrgSecretsCreateCmd) Run(out *output.Writer) error {
6467
return fmt.Errorf("invalid JSON payload: %w", err)
6568
}
6669
} else {
70+
if c.Value != "" && c.File != "" {
71+
return fmt.Errorf("--value and --file are mutually exclusive")
72+
}
6773
if c.HeaderName != "" && c.ParamName != "" {
6874
return fmt.Errorf("--header-name and --param-name are mutually exclusive")
6975
}
76+
value := c.Value
77+
if c.File != "" {
78+
data, err := os.ReadFile(c.File)
79+
if err != nil {
80+
return fmt.Errorf("reading file %s: %w", c.File, err)
81+
}
82+
value = strings.TrimSpace(string(data))
83+
}
84+
if value == "" {
85+
return fmt.Errorf("either --value or --file is required")
86+
}
7087
input = api.CreateSecretInput{
7188
Name: c.Name,
7289
Type: c.Type,
73-
Value: c.Value,
90+
Value: value,
7491
HostPattern: c.HostPattern,
7592
PathPattern: c.PathPattern,
7693
}
@@ -87,8 +104,8 @@ func (c *OrgSecretsCreateCmd) Run(out *output.Writer) error {
87104
}
88105
}
89106

90-
if input.Type != "anthropic" && input.Type != "openai" && input.Type != "generic" {
91-
return fmt.Errorf("invalid type %q: must be 'anthropic', 'openai', or 'generic'", input.Type)
107+
if input.Type != "anthropic" && input.Type != "openai" && input.Type != "codex" && input.Type != "generic" {
108+
return fmt.Errorf("invalid type %q: must be 'anthropic', 'openai', 'codex', or 'generic'", input.Type)
92109
}
93110

94111
if c.DryRun {

cmd/onecli/secrets.go

Lines changed: 22 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@ package main
33
import (
44
"encoding/json"
55
"fmt"
6+
"os"
7+
"strings"
68

79
"github.com/onecli/onecli-cli/internal/api"
810
"github.com/onecli/onecli-cli/pkg/output"
@@ -51,8 +53,9 @@ func (c *SecretsListCmd) Run(out *output.Writer) error {
5153
type SecretsCreateCmd struct {
5254
Project string `optional:"" short:"p" help:"Project slug."`
5355
Name string `required:"" help:"Display name for the secret."`
54-
Type string `required:"" help:"Secret type: 'anthropic', 'openai', or 'generic'."`
55-
Value string `required:"" help:"Secret value (e.g. API key)."`
56+
Type string `required:"" help:"Secret type: 'anthropic', 'openai', 'codex', or 'generic'."`
57+
Value string `optional:"" help:"Secret value (e.g. API key). Required unless --file is provided."`
58+
File string `optional:"" name:"file" type:"existingfile" help:"Read secret value from a file (e.g. ~/.codex/auth.json)."`
5659
HostPattern string `required:"" name:"host-pattern" help:"Host pattern to match (e.g. 'api.anthropic.com')."`
5760
PathPattern string `optional:"" name:"path-pattern" help:"Path pattern to match (e.g. '/v1/*')."`
5861
HeaderName string `optional:"" name:"header-name" help:"Header name for injection (e.g. 'Authorization')."`
@@ -70,13 +73,27 @@ func (c *SecretsCreateCmd) Run(out *output.Writer) error {
7073
return fmt.Errorf("invalid JSON payload: %w", err)
7174
}
7275
} else {
76+
if c.Value != "" && c.File != "" {
77+
return fmt.Errorf("--value and --file are mutually exclusive")
78+
}
7379
if c.HeaderName != "" && c.ParamName != "" {
7480
return fmt.Errorf("--header-name and --param-name are mutually exclusive")
7581
}
82+
value := c.Value
83+
if c.File != "" {
84+
data, err := os.ReadFile(c.File)
85+
if err != nil {
86+
return fmt.Errorf("reading file %s: %w", c.File, err)
87+
}
88+
value = strings.TrimSpace(string(data))
89+
}
90+
if value == "" {
91+
return fmt.Errorf("either --value or --file is required")
92+
}
7693
input = api.CreateSecretInput{
7794
Name: c.Name,
7895
Type: c.Type,
79-
Value: c.Value,
96+
Value: value,
8097
HostPattern: c.HostPattern,
8198
PathPattern: c.PathPattern,
8299
}
@@ -93,8 +110,8 @@ func (c *SecretsCreateCmd) Run(out *output.Writer) error {
93110
}
94111
}
95112

96-
if input.Type != "anthropic" && input.Type != "openai" && input.Type != "generic" {
97-
return fmt.Errorf("invalid type %q: must be 'anthropic', 'openai', or 'generic'", input.Type)
113+
if input.Type != "anthropic" && input.Type != "openai" && input.Type != "codex" && input.Type != "generic" {
114+
return fmt.Errorf("invalid type %q: must be 'anthropic', 'openai', 'codex', or 'generic'", input.Type)
98115
}
99116

100117
if c.DryRun {

0 commit comments

Comments
 (0)