trisacrypto · pdeziel · Oct 25, 2023 · Oct 24, 2023 · pdamodaran · Oct 25, 2023
diff --git a/cmd/courier/main.go b/cmd/courier/main.go
@@ -12,6 +12,7 @@ import (
 	courier "github.com/trisacrypto/courier/pkg"
 	"github.com/trisacrypto/courier/pkg/api/v1"
 	"github.com/trisacrypto/courier/pkg/config"
+	"github.com/trisacrypto/courier/pkg/secrets"
 	"github.com/urfave/cli/v2"
 )
 
@@ -56,6 +57,34 @@ func main() {
 					},
 				},
 			},
+			{
+				Name:     "secrets:get",
+				Usage:    "get a secret from the secret manager",
+				Category: "secrets",
+				Action:   getSecret,
+				Flags: []cli.Flag{
+					&cli.StringFlag{
+						Name:     "project",
+						Aliases:  []string{"p"},
+						Usage:    "project name where the secret is stored",
+						EnvVars:  []string{"COURIER_SECRET_MANAGER_PROJECT"},
+						Required: true,
+					},
+					&cli.StringFlag{
+						Name:     "name",
+						Aliases:  []string{"n"},
+						Usage:    "name of the secret to get",
+						EnvVars:  []string{"COURIER_SECRET_NAME"},
+						Required: true,
+					},
+					&cli.StringFlag{
+						Name:    "credentials",
+						Aliases: []string{"c"},
+						Usage:   "path to the credentials file for the secret manager",
+						EnvVars: []string{"GOOGLE_APPLICATION_CREDENTIALS"},
+					},
+				},
+			},
 		},
 	}
 
@@ -109,6 +138,31 @@ func status(c *cli.Context) (err error) {
 	return printJSON(rep)
 }
 
+// Get a secret from the secret manager.
+func getSecret(c *cli.Context) (err error) {
+	conf := config.SecretsConfig{
+		Enabled:     true,
+		Project:     c.String("project"),
+		Credentials: c.String("credentials"),
+	}
+
+	secrets, err := secrets.NewClient(conf)
+	if err != nil {
+		return cli.Exit(err, 1)
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	var secret []byte
+	if secret, err = secrets.GetLatestVersion(ctx, c.String("name")); err != nil {
+		return cli.Exit(err, 1)
+	}
+
+	fmt.Println(string(secret))
+	return nil
+}
+
 //===========================================================================
 // Helpers
 //===========================================================================

diff --git a/go.mod b/go.mod
@@ -3,16 +3,22 @@ module github.com/trisacrypto/courier
 go 1.20
 
 require (
+	cloud.google.com/go/secretmanager v1.11.2
 	github.com/gin-gonic/gin v1.9.1
 	github.com/joho/godotenv v1.4.0
 	github.com/rotationalio/confire v1.0.0
 	github.com/rs/zerolog v1.31.0
 	github.com/stretchr/testify v1.8.4
 	github.com/trisacrypto/trisa v0.99999.1
 	github.com/urfave/cli/v2 v2.15.0
+	google.golang.org/api v0.128.0
+	google.golang.org/grpc v1.56.1
 )
 
 require (
+	cloud.google.com/go/compute v1.19.3 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v1.1.0 // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
@@ -23,6 +29,12 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.14.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/s2a-go v0.1.4 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
@@ -36,12 +48,18 @@ require (
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
+	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/crypto v0.9.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.12.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/oauth2 v0.8.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	software.sslmate.com/src/go-pkcs12 v0.2.0 // indirect
 )