Skip to content

Add CLI commands for vaults, secrets, and vars management#428

Merged
robinaugh merged 6 commits intomainfrom
jason/rwx-135-wire-up-vault-var-endpoints
Mar 16, 2026
Merged

Add CLI commands for vaults, secrets, and vars management#428
robinaugh merged 6 commits intomainfrom
jason/rwx-135-wire-up-vault-var-endpoints

Conversation

@robinaugh
Copy link
Contributor

@robinaugh robinaugh commented Mar 16, 2026
edited
Loading

This PR wraps our existing Mint API endpoints in CLI commands for convenience. One somewhat noticeable gap here is that we don't have an endpoint today for updating a vault itself, and the create endpoint doesn't support specifying user permissions or approvals. We can add those separately if desired, but this PR just wraps what the server already supports.

Summary

  • Adds rwx vaults create command with --name, --unlocked, and --repository-permission flags
  • Adds rwx vaults secrets set, rwx vaults secrets delete subcommands (keeps set-secrets as hidden alias)
  • Adds rwx vaults vars set, rwx vaults vars show, rwx vaults vars delete subcommands
  • All commands support --vault (default: "default"), --output json, and --access-token
  • Wires up 5 existing API endpoints: POST /mint/api/vaults, DELETE /mint/api/vaults/secrets/:id, POST /mint/api/vaults/vars, GET /mint/api/vaults/vars/:id, DELETE /mint/api/vaults/vars/:id

Test plan

  • Unit tests for all new service methods (CreateVault, DeleteSecret, SetVars, ShowVar, DeleteVar)
  • Existing secrets tests still pass
  • API endpoints verified against cloud Rails source (routes, controllers, strong params, status codes)
  • Manual smoke test against staging

@robinaugh robinaugh self-assigned this Mar 16, 2026
@robinaugh
Add rwx vaults create command
d43a7e2 
Adds a new command to create vaults with optional `--unlocked` and
`--repository-permission` flags. Wires up POST /mint/api/vaults.
@robinaugh
Add rwx vaults secrets subgroup with set and delete
9bbca65 
Restructures secrets into `rwx vaults secrets set` and adds
`rwx vaults secrets delete`. The old `set-secrets` command remains
as a hidden alias. Wires up DELETE /mint/api/vaults/secrets/:id.
@robinaugh
Add rwx vaults vars set command
5c20432 
Adds the vars subcommand group with a `set` command that supports
KEY=value args and --file for dotenv input, matching the secrets set
UX. Calls POST /mint/api/vaults/vars once per var sequentially.
@robinaugh
Add rwx vaults vars show command
f60e31e 
Adds a command to retrieve a var's value from a vault.
Wires up GET /mint/api/vaults/vars/:id.
@robinaugh
Add rwx vaults vars delete command
6c53f88 
Adds a command to delete a var from a vault.
Wires up DELETE /mint/api/vaults/vars/:id.
@robinaugh robinaugh force-pushed the jason/rwx-135-wire-up-vault-var-endpoints branch from d658ff5 to 6c53f88 Compare March 16, 2026 18:35
@robinaugh
Add --yes confirmation prompt to vault delete commands
306a35b 
Destructive delete commands (secrets and vars) now require confirmation.
In TTY environments, the user is prompted interactively. In non-TTY
environments (e.g. coding agents, CI), --yes/-y must be passed explicitly
to prevent the command from hanging on stdin.
@robinaugh robinaugh marked this pull request as ready for review March 16, 2026 19:53
@robinaugh robinaugh merged commit bfccae1 into main Mar 16, 2026
1 check passed
@robinaugh robinaugh deleted the jason/rwx-135-wire-up-vault-var-endpoints branch March 16, 2026 19:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TAGraves TAGraves TAGraves approved these changes

Assignees

@robinaugh robinaugh

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@robinaugh @TAGraves