diff --git a/cli/packages/cmd/run.go b/cli/packages/cmd/run.go
index 04fe2588b6..58088f5d32 100644
--- a/cli/packages/cmd/run.go
+++ b/cli/packages/cmd/run.go
@@ -116,35 +116,82 @@ var runCmd = &cobra.Command{ Recursive: recursive, } + var secrets []models.SingleEnvironmentVariable + var isUserSession bool + var infisicalDotJson models.WorkspaceConfigFile + var userBackupSecretsEncryptionKey []byte + if token != nil && token.Type == util.SERVICE_TOKEN_IDENTIFIER { request.InfisicalToken = token.Token } else if token != nil && token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER { request.UniversalAuthAccessToken = token.Token - } - - secrets, err := util.GetAllEnvironmentVariables(request, projectConfigDir) - - if err != nil { - util.HandleError(err, "Could not fetch secrets", "If you are using a service token to fetch secrets, please ensure it is valid") - } - - if secretOverriding { - secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL) } else { - secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED) - } - - if shouldExpandSecrets { - - authParams := models.ExpandSecretsAuthentication{} - - if token != nil && token.Type == util.SERVICE_TOKEN_IDENTIFIER { - authParams.InfisicalToken = token.Token - } else if token != nil && token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER { - authParams.UniversalAuthAccessToken = token.Token + // user session + isUserSession = true + loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails() + if err != nil { + util.HandleError(err) } - secrets = util.ExpandSecrets(secrets, authParams, projectConfigDir) + isConnected := util.CheckIsConnectedToInfisicalAPI() + + if projectConfigDir == "" { + projectConfig, err := util.GetWorkSpaceFromFile() + if err != nil { + util.HandleError(err) + } + + infisicalDotJson = projectConfig + } else { + projectConfig, err := util.GetWorkSpaceFromFilePath(projectConfigDir) + if err != nil { + util.HandleError(err) + } + + infisicalDotJson = projectConfig + } + + userBackupSecretsEncryptionKey = []byte(loggedInUserDetails.UserCredentials.PrivateKey)[0:32] + + if !isConnected { + secrets, err = 
util.ReadBackupSecrets(infisicalDotJson.WorkspaceId, environmentName, userBackupSecretsEncryptionKey) + if err != nil { + util.HandleError(err) + } + if len(secrets) > 0 { + util.PrintWarning("Unable to fetch latest secret(s) due to connection error, serving secrets from last successful fetch. For more info, run with --debug") + } + } + } + + if len(secrets) == 0 { + secrets, err = util.GetAllEnvironmentVariables(request, projectConfigDir) + if err != nil { + util.HandleError(err, "Could not fetch secrets", "If you are using a service token to fetch secrets, please ensure it is valid") + } + + if secretOverriding { + secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL) + } else { + secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED) + } + + if shouldExpandSecrets { + + authParams := models.ExpandSecretsAuthentication{} + + if token != nil && token.Type == util.SERVICE_TOKEN_IDENTIFIER { + authParams.InfisicalToken = token.Token + } else if token != nil && token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER { + authParams.UniversalAuthAccessToken = token.Token + } + + secrets = util.ExpandSecrets(secrets, authParams, projectConfigDir) + } + + if isUserSession { + util.WriteBackupSecrets(infisicalDotJson.WorkspaceId, environmentName, userBackupSecretsEncryptionKey, secrets) + } } secretsByKey := getSecretsByKeys(secrets) diff --git a/cli/packages/util/secrets.go b/cli/packages/util/secrets.go index 0ca66cc4fb..2e9b0ffd28 100644 --- a/cli/packages/util/secrets.go +++ b/cli/packages/util/secrets.go 
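Review bot: In the new user-session branch, `[]byte(loggedInUserDetails.UserCredentials.PrivateKey)[0:32]` is evaluated before `GetAllEnvironmentVariables` reaches its `RequireLogin()` and `LoginExpired` checks, so a `PrivateKey` shorter than 32 bytes would panic with a slice-bounds error instead of producing a login message; whether `GetCurrentLoggedInUserDetails` can return empty credentials with a nil error is not visible in this hunk. A guard before the slice would cover it, e.g. `if len(loggedInUserDetails.UserCredentials.PrivateKey) < 32 { util.PrintErrorMessageAndExit("No usable login credentials found, please run [infisical login] and try again") }`. The backup is also written after `OverrideSecrets`/`ExpandSecrets` but keyed only by `infisicalDotJson.WorkspaceId` and `environmentName`, so an offline run with a different secrets path, tag set or override setting appears to receive whatever set the last online run cached; consider folding those request fields into the cache key, or skipping the cache when they differ. The offline branch also never consults `loggedInUserDetails.LoginExpired`, so cached secrets are served to an expired session; if that is intended, a comment saying so next to `if !isConnected {` would help the next reader.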
@@ -319,21 +319,16 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters, projectCo } RequireLogin() - log.Debug().Msg("GetAllEnvironmentVariables: Trying to fetch secrets using logged in details") loggedInUserDetails, err := GetCurrentLoggedInUserDetails() - isConnected := CheckIsConnectedToInfisicalAPI() - - if isConnected { - log.Debug().Msg("GetAllEnvironmentVariables: Connected to Infisical instance, checking logged in creds") - } + log.Debug().Msg("GetAllEnvironmentVariables: Connected to Infisical instance, checking logged in creds") if err != nil { return nil, err } - if isConnected && loggedInUserDetails.LoginExpired { + if loggedInUserDetails.LoginExpired { PrintErrorMessageAndExit("Your login session has expired, please run [infisical login] and try again") } 
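Review bot: The added `log.Debug().Msg("GetAllEnvironmentVariables: Connected to Infisical instance, checking logged in creds")` is now emitted unconditionally, although this function no longer calls `CheckIsConnectedToInfisicalAPI()`, so a `--debug` trace will report connectivity that was never checked here. Rewording it to something like `"GetAllEnvironmentVariables: checking logged in creds"` and placing it after the `if err != nil` check, so the error from `GetCurrentLoggedInUserDetails()` is handled directly after the call, would keep the trace accurate. The function body starts and ends outside this hunk.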
@@ -362,22 +357,6 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters, projectCo secretsToReturn, errorToReturn = GetPlainTextSecretsViaJTW(loggedInUserDetails.UserCredentials.JTWToken, loggedInUserDetails.UserCredentials.PrivateKey, infisicalDotJson.WorkspaceId, params.Environment, params.TagSlugs, params.SecretsPath, params.IncludeImport, params.Recursive) log.Debug().Msgf("GetAllEnvironmentVariables: Trying to fetch secrets JTW token [err=%s]", errorToReturn) - - backupSecretsEncryptionKey := []byte(loggedInUserDetails.UserCredentials.PrivateKey)[0:32] - if errorToReturn == nil { - WriteBackupSecrets(infisicalDotJson.WorkspaceId, params.Environment, backupSecretsEncryptionKey, secretsToReturn) - } - - // only attempt to serve cached secrets if no internet connection and if at least one secret cached - if !isConnected { - backedSecrets, err := ReadBackupSecrets(infisicalDotJson.WorkspaceId, params.Environment, backupSecretsEncryptionKey) - if len(backedSecrets) > 0 { - PrintWarning("Unable to fetch latest secret(s) due to connection error, serving secrets from last successful fetch. For more info, run with --debug") - secretsToReturn = backedSecrets - errorToReturn = err - } - } - } else { if params.InfisicalToken != "" { log.Debug().Msg("Trying to fetch secrets using service token")