feat: add export/import commands for batch backup (JSON/TOML/YAML)
Some checks failed
Secrets CLI - Build & Release / 发布草稿 Release (push) Has been cancelled
Secrets CLI - Build & Release / Build (x86_64-pc-windows-msvc) (push) Has been cancelled
Secrets CLI - Build & Release / 版本 & Release (push) Successful in 3s
Secrets CLI - Build & Release / 质量检查 (fmt / clippy / test) (push) Successful in 2m14s
Secrets CLI - Build & Release / Build (macOS aarch64 + x86_64) (push) Successful in 1m3s
Secrets CLI - Build & Release / Build (x86_64-unknown-linux-musl) (push) Successful in 1m15s
Some checks failed
Secrets CLI - Build & Release / 发布草稿 Release (push) Has been cancelled
Secrets CLI - Build & Release / Build (x86_64-pc-windows-msvc) (push) Has been cancelled
Secrets CLI - Build & Release / 版本 & Release (push) Successful in 3s
Secrets CLI - Build & Release / 质量检查 (fmt / clippy / test) (push) Successful in 2m14s
Secrets CLI - Build & Release / Build (macOS aarch64 + x86_64) (push) Successful in 1m3s
Secrets CLI - Build & Release / Build (x86_64-unknown-linux-musl) (push) Successful in 1m15s
- export: filter by namespace/kind/name/tag/query, decrypt secrets, write to file or stdout - import: parse file, conflict check (error by default, --force to overwrite), --dry-run preview - Add ExportFormat enum, ExportData/ExportEntry in models.rs with TOML↔JSON conversion - Bump version to 0.9.0 Made-with: Cursor
This commit is contained in:
voson
132
src/main.rs
132
src/main.rs
@@ -436,6 +436,83 @@ EXAMPLES:
|
||||
#[arg(long)]
|
||||
check: bool,
|
||||
},
|
||||
|
||||
/// Export records to a file (JSON, TOML, or YAML).
|
||||
///
|
||||
/// Decrypts and exports all matched records. Requires master key unless --no-secrets is used.
|
||||
#[command(after_help = "EXAMPLES:
|
||||
# Export everything to JSON
|
||||
secrets export --file backup.json
|
||||
|
||||
# Export a specific namespace to TOML
|
||||
secrets export -n refining --file refining.toml
|
||||
|
||||
# Export a specific kind
|
||||
secrets export -n refining --kind service --file services.yaml
|
||||
|
||||
# Export by tag
|
||||
secrets export --tag production --file prod.json
|
||||
|
||||
# Export schema only (no decryption needed)
|
||||
secrets export --no-secrets --file schema.json
|
||||
|
||||
# Print to stdout in YAML
|
||||
secrets export -n refining --format yaml")]
|
||||
Export {
|
||||
/// Filter by namespace
|
||||
#[arg(short, long)]
|
||||
namespace: Option<String>,
|
||||
/// Filter by kind, e.g. server, service
|
||||
#[arg(long)]
|
||||
kind: Option<String>,
|
||||
/// Exact name filter
|
||||
#[arg(long)]
|
||||
name: Option<String>,
|
||||
/// Filter by tag (repeatable)
|
||||
#[arg(long)]
|
||||
tag: Vec<String>,
|
||||
/// Fuzzy keyword search
|
||||
#[arg(short, long)]
|
||||
query: Option<String>,
|
||||
/// Output file path (format inferred from extension: .json / .toml / .yaml / .yml)
|
||||
#[arg(long)]
|
||||
file: Option<String>,
|
||||
/// Explicit format: json, toml, or yaml (overrides file extension; required for stdout)
|
||||
#[arg(long)]
|
||||
format: Option<String>,
|
||||
/// Omit secrets from output (no master key required)
|
||||
#[arg(long)]
|
||||
no_secrets: bool,
|
||||
},
|
||||
|
||||
/// Import records from a file (JSON, TOML, or YAML).
|
||||
///
|
||||
/// Reads an export file and inserts or updates entries. Requires master key to re-encrypt secrets.
|
||||
#[command(after_help = "EXAMPLES:
|
||||
# Import a JSON backup (conflict = error by default)
|
||||
secrets import backup.json
|
||||
|
||||
# Import and overwrite existing records
|
||||
secrets import --force refining.toml
|
||||
|
||||
# Preview what would be imported (no writes)
|
||||
secrets import --dry-run backup.yaml
|
||||
|
||||
# JSON output for the import summary
|
||||
secrets import backup.json -o json")]
|
||||
Import {
|
||||
/// Input file path (format inferred from extension: .json / .toml / .yaml / .yml)
|
||||
file: String,
|
||||
/// Overwrite existing records on conflict (default: error and abort)
|
||||
#[arg(long)]
|
||||
force: bool,
|
||||
/// Preview operations without writing to the database
|
||||
#[arg(long)]
|
||||
dry_run: bool,
|
||||
/// Output format: text (default on TTY), json, json-compact
|
||||
#[arg(short, long = "output")]
|
||||
output: Option<String>,
|
||||
},
|
||||
}
|
||||
|
||||
#[derive(Subcommand)]
|
||||
@@ -682,6 +759,61 @@ async fn main() -> Result<()> {
|
||||
)
|
||||
.await?;
|
||||
}
|
||||
|
||||
Commands::Export {
|
||||
namespace,
|
||||
kind,
|
||||
name,
|
||||
tag,
|
||||
query,
|
||||
file,
|
||||
format,
|
||||
no_secrets,
|
||||
} => {
|
||||
let master_key = if no_secrets {
|
||||
None
|
||||
} else {
|
||||
Some(crypto::load_master_key()?)
|
||||
};
|
||||
let _span = tracing::info_span!("cmd", command = "export").entered();
|
||||
commands::export_cmd::run(
|
||||
&pool,
|
||||
commands::export_cmd::ExportArgs {
|
||||
namespace: namespace.as_deref(),
|
||||
kind: kind.as_deref(),
|
||||
name: name.as_deref(),
|
||||
tags: &tag,
|
||||
query: query.as_deref(),
|
||||
file: file.as_deref(),
|
||||
format: format.as_deref(),
|
||||
no_secrets,
|
||||
},
|
||||
master_key.as_ref(),
|
||||
)
|
||||
.await?;
|
||||
}
|
||||
|
||||
Commands::Import {
|
||||
file,
|
||||
force,
|
||||
dry_run,
|
||||
output,
|
||||
} => {
|
||||
let master_key = crypto::load_master_key()?;
|
||||
let _span = tracing::info_span!("cmd", command = "import").entered();
|
||||
let out = resolve_output_mode(output.as_deref())?;
|
||||
commands::import_cmd::run(
|
||||
&pool,
|
||||
commands::import_cmd::ImportArgs {
|
||||
file: &file,
|
||||
force,
|
||||
dry_run,
|
||||
output: out,
|
||||
},
|
||||
&master_key,
|
||||
)
|
||||
.await?;
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
|
||||
Reference in New Issue
Block a user