
Inject summon secrets into docker containers using --env #194

Open
doodlesbykumbi opened this issue Jan 25, 2021 · 2 comments

Comments

@doodlesbykumbi
Contributor

doodlesbykumbi commented Jan 25, 2021

Is your feature request related to a problem? Please describe

Though @SUMMONENVFILE has been useful until now, it has some shortcomings:

  • Still breaks on multiline secret value
  • Doesn’t support the !file tag

A better approach would be something like @SUMMONDOCKEROPTS, whose usage would look like this:
summon docker run @SUMMONDOCKEROPTS myorg/myimage
It would

  1. Add -e VAR_NAME for all the secrets injected by summon
  2. Add -v FILE_PATH:FILE_PATH for all the secrets that are managed as files by summon
  3. The benefit of (2) is that summon is still managing these files, so if it dies then those files are gone.

Describe the solution you would like

See above^


@doodlesbykumbi
Contributor Author

Lifting environment variables from summon into your docker container has never been easier. It even works with !file.

function summon_envvars_docker_opts() {
( set -euo pipefail
  local secretsyml="${1:-secrets.yml}"

  # names declared in secrets.yml: drop blank lines and comments, keep the text before the first colon
  secret_names() {
    sed '/^$/d' "${secretsyml}" | { grep '^[^#]' || true; } | sed -E 's/^([^:]*)?.*/\1/'
  }

  # every declared name must already be exported, i.e. we must be running under summon
  if ! secret_names | xargs -n 1 sh -c 'printenv "$1" > /dev/null' _; then
    echo "failed: ensure that '${secretsyml}' exists and that this script is running within a summon context i.e. summon [this script]" >&2
    exit 1
  fi

  # create the options for the environment variables listed in secrets.yml
  local envs
  envs="$(secret_names | xargs printf -- '-e %s ')"

  # create the options for the volume mounts for secrets that use the !file tag in secrets.yml;
  # summon sets such a variable to the path of the temp file it wrote, so that path is mounted as-is.
  # A read loop replaces the original xargs call, which failed under pipefail when no !file secret exists.
  local volumemounts="" name path
  while read -r name; do
    path="$(printenv "${name}")"
    volumemounts+="-v ${path}:${path} "
  done < <({ grep '^[^#]' "${secretsyml}" || true; } | { grep '![^ ]*file' || true; } | sed -E 's/^([^:]*)?.*/\1/')

  echo "${envs}" "${volumemounts}"
)
}

docker run $(summon_envvars_docker_opts) ...

If the above is ./script.sh, then simply summon ./script.sh
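The two shortcomings the issue lists, and the -e NAME / -v PATH:PATH scheme it proposes, as an added example in Python that is not part of the issue or of summon itself. It uses a simplified line-based reading of the flat secrets.yml form and a constructed stand-in for the environment summon exports; it builds the docker options as an argv list, so no word splitting is needed, and it shows why an env file cannot carry a multiline value while passing the name alone can.

```python
import re
from typing import Dict, List

# Constructed sample secrets.yml in summon's flat form (not from the issue).
SECRETS_YML = """\
# database credentials
DB_PASSWORD: !var prod/db/password

TLS_KEY: !file prod/tls/key
"""

# Constructed stand-in for the environment summon would export: a !var value
# arrives verbatim, a !file value arrives as the path of a temp file summon owns.
SUMMON_ENV = {
    "DB_PASSWORD": "line one\nline two",   # multiline secret
    "TLS_KEY": "/tmp/summon123/TLS_KEY",   # constructed path
}

# Top-level "NAME: !tag ..." entries; comments, blanks and indented lines skip.
ENTRY_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):\s*(!\S+)?")


def declared_secrets(secrets_yml: str) -> Dict[str, str]:
    """Map each top-level secret name to its YAML tag ('' when untagged)."""
    out: Dict[str, str] = {}
    for line in secrets_yml.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            out[m.group(1)] = m.group(2) or ""
    return out


def env_file_lines(names, env) -> List[str]:
    """KEY=VALUE lines as --env-file needs them. A value with a newline has no
    representation there, which is the @SUMMONENVFILE breakage."""
    lines = []
    for name in names:
        if "\n" in env[name]:
            raise ValueError(f"{name}: multiline value cannot go in an env file")
        lines.append(f"{name}={env[name]}")
    return lines


def docker_opts(secrets_yml: str, env) -> List[str]:
    """-e NAME for every declared secret (docker copies the value from our
    environment, newlines included) plus -v PATH:PATH for !file secrets."""
    opts: List[str] = []
    for name, tag in declared_secrets(secrets_yml).items():
        if name not in env:
            raise RuntimeError(f"{name} is not set; run this under summon")
        opts += ["-e", name]
        if tag.endswith("file"):
            opts += ["-v", f"{env[name]}:{env[name]}"]
    return opts
```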

@doodlesbykumbi
Contributor Author

doodlesbykumbi commented Jan 25, 2021

Supporting !file is challenging.

  1. You can't predict if local volumes can be mounted into the Docker container
  2. File paths on the host can look different from those inside a container, e.g. Windows container <-> Linux host, or vice-versa.
  3. docker run is terminated when run with the -d flag. Summon will delete tmpfiles as soon as that's done.
  4. ... etc. it gets complicated and also it's not the core use case.
