Conversation
🦋 Changeset detectedLatest commit: b9eab94 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Agent-Logs-Url: https://github.com/dmno-dev/varlock/sessions/cef91166-4c15-4e67-afae-291d90ab491e Co-authored-by: theoephraim <1158956+theoephraim@users.noreply.github.com>
|
@copilot add a docs page |
…view listing Agent-Logs-Url: https://github.com/dmno-dev/varlock/sessions/9f3a323d-52d7-438a-8d31-64c569dc03d0 Co-authored-by: philmillman <3722211+philmillman@users.noreply.github.com>
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ❌ Deployment failed View logs |
varlock-website | bc01bb6 | Apr 07 2026, 05:27 AM |
Added in |
theoephraim
left a comment
theoephraim
left a comment
There was a problem hiding this comment.
@copilot - check the review comments and adjust accordingly
|
|
||
| const { SchemaError, ResolutionError } = plugin.ERRORS; | ||
|
|
||
| const AKEYLESS_ICON = 'simple-icons:akeyless'; |
There was a problem hiding this comment.
this is not a real icon. Just leave it empty if there is no logo available in iconify.
There was a problem hiding this comment.
Removed all simple-icons:akeyless references — icon is now left empty across plugin metadata, data types, and resolver function. See bc01bb6.
| DB_PASSWORD=akeyless("/MyApp/DB_PASSWORD") | ||
|
|
||
| # Auto-infer secret name from the variable name | ||
| API_KEY=akeyless() |
There was a problem hiding this comment.
if paths are always longer, does this even make sense?
We should probably add a prefixPath option on the plugin instance (similar to what we have for AWS). This would let us dry up other items, and make this case where we infer the path more usable.
There was a problem hiding this comment.
Added pathPrefix option on @initAkeyless() (similar to Vault's pathPrefix and AWS's namePrefix). With a prefix set, akeyless() infers "{pathPrefix}/{ITEM_KEY}" which makes the no-arg case much more practical. See bc01bb6.
| Dynamic secrets generate on-demand credentials (e.g., temporary database credentials, cloud access tokens). Use the `type=dynamic` parameter: | ||
|
|
||
| ```env-spec title=".env.schema" | ||
| # Fetch a dynamic secret (returns JSON with generated credentials) |
There was a problem hiding this comment.
If this always returns json, we probably need a way of extracting individual json keys/paths.
In this case we also probably need to make sure we cache the fetched item, in case multiple keys from that json object are needed.
This will be useful for dynamic and rotated keys, but also just useful generally, in case a user is storing json objects in static secrets.
There was a problem hiding this comment.
Added JSON key extraction via #key syntax and key= named parameter for all secret types (static, dynamic, rotated). Also added response caching per secret type + path so multiple items extracting different keys from the same secret share a single API call. Pattern matches the Vault plugin's fetchSecretData cache. See bc01bb6.
… extraction, and response caching Agent-Logs-Url: https://github.com/dmno-dev/varlock/sessions/69e3ce35-9e73-4d8b-a41a-f265fefa8a4d Co-authored-by: theoephraim <1158956+theoephraim@users.noreply.github.com>
All three review comments addressed in |
…ror handling, and JSON key extraction Agent-Logs-Url: https://github.com/dmno-dev/varlock/sessions/9b69a8a3-6372-423e-a2f3-bb9598c8c651 Co-authored-by: theoephraim <1158956+theoephraim@users.noreply.github.com>
Agent-Logs-Url: https://github.com/dmno-dev/varlock/sessions/9b69a8a3-6372-423e-a2f3-bb9598c8c651 Co-authored-by: theoephraim <1158956+theoephraim@users.noreply.github.com>
Add support for API Key authentication and multiple instances.
commit: |
handleApiErrorhelpercachedFetchhelperextractJsonKeyhelper