diff --git a/src/whispr/cli.py b/src/whispr/cli.py index ced8ef3..e042a08 100644 --- a/src/whispr/cli.py +++ b/src/whispr/cli.py @@ -46,8 +46,14 @@ def init(vault): @click.command() @click.argument("command", nargs=-1, type=click.UNPROCESSED) def run(command): - """Runs a command by injecting secrets fetched from vault via environment or list of command arguments. - Examples: [whispr run 'python main.py', whispr run 'bash script.sh'] + """Runs a command by injecting secrets fetched from vault via environment or list of command arguments. Make sure you run `whispr init` command before using this. + Please note the single quote (\') wrapped around the passed commands. + + Examples:\n + 1. whispr run 'python main.py'\n + 2. whispr run 'bash script.sh'\n + 3. whispr run 'node server.js'\n + 4. whispr run 'semgrep ci --pro'\n """ if not os.path.exists(CONFIG_FILE): logger.error("whispr configuration file not found. Run 'whispr init' first.") @@ -96,9 +102,16 @@ def secret(): Availble subcommands: [get, gen-random] Examples:\n + # Get a secret from AWS vault\n 1. whispr secret get --vault=aws --secret-name=my-secret --region=us-west-2 \n - 2. whispr secret gen-random --length=10 - 3. whispr secret gen-random --exclude="*;>/\'" + # Get a secret from Azure vault\n + 2. whispr secret get -v gcp -s my-secret -u my_vault_url\n + # Get a secret from GCP vault\n + 3. whispr secret get -v gcp -s my-secret -p my_gcp_project_id\n + # Generate a random string of length of 10 characters.\n + 4. whispr secret gen-random --length=10\n + # Generate a random string of default length but exclude given characters.\n + 5. whispr secret gen-random --exclude="*;>/\'"\n """ pass @@ -108,17 +121,19 @@ def secret(): @click.command() -@click.option("-s", "--secret-name", nargs=1, type=click.STRING) -@click.option("-v", "--vault", nargs=1, type=click.STRING) -@click.option("-r", "--region", nargs=1, type=click.STRING) # AWS -@click.option("-vu", "--vault-url", nargs=1, type=click.STRING) # Azure -def get(secret_name, vault, region, vault_url): - """Fetches a vault secret and prints to standard output in JSON format""" +@click.option("-s", "--secret-name", nargs=1, type=click.STRING, help="Secret name to fetch from a vault") +@click.option("-v", "--vault", nargs=1, type=click.STRING, help="Vault type. Available values: aws, azure, gcp") +@click.option("-r", "--region", nargs=1, type=click.STRING, help="Region (AWS-only property)") # AWS +@click.option("-u", "--vault-url", nargs=1, type=click.STRING, help="Vault URL (Azure-only property)") # Azure +@click.option("-p", "--project-id", nargs=1, type=click.STRING, help="Project ID (GCP-only property)") # GCP +def get(secret_name, vault, region, vault_url, project_id): + """Fetches a vault secret and prints to standard output in JSON format. Output is parseable by `jq` tool. Used for quick audit of secret K:V pairs""" vault_secrets = get_raw_secret( secret_name, vault, region=region, vault_url=vault_url, + project_id=project_id, ) if not vault_secrets: return @@ -128,19 +143,27 @@ def get(secret_name, vault, region, vault_url): @click.command() @click.option( + "-l", "--length", nargs=1, type=click.INT, help=f"Length of generated secret. Default is {MIN_GENERATION_LENGTH}", ) @click.option( + "-e", "--exclude", nargs=1, type=click.STRING, help="Characters to exclude from secret. Use Escape (\\) to escape special characters", ) def gen_random(length, exclude): - """Generates a cryptographically secure random secret of a given length, excluding specified characters""" + """Generates a crypto-secure random secret of a given length, excluding specified characters. + + Examples:\n + # Generate a random string of length of 10 characters.\n + 1. whispr secret gen-random --length=10\n + # Generate a random string of default length but exclude given characters.\n + 2. whispr secret gen-random --exclude="*;>/\'"\n""" exclude_chars = exclude if not exclude_chars: