From b0a32d089e5fa91594cdba8b62ecae8ed5294751 Mon Sep 17 00:00:00 2001
From: Anumita Shenoy <ansheno@microsoft.com>
Date: Sun, 14 Oct 2018 18:27:58 +0530
Subject: [PATCH] feat(helm): add $HELM_KEY_PASSPHRASE environment variable for
 signing helm charts

If $HELM_KEY_PASSPHRASE is set then helm package sign command will not prompt the
user to enter the passphrase for the private key

Signed-off-by: Anumita Shenoy <ansheno@microsoft.com>
---
 cmd/helm/package.go                 | 11 ++++++++---
 pkg/helm/environment/environment.go |  8 ++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/cmd/helm/package.go b/cmd/helm/package.go
index 51686dba7..05fdf02f8 100644
--- a/cmd/helm/package.go
+++ b/cmd/helm/package.go
@@ -215,7 +215,7 @@ func (p *packageCmd) clearsign(filename string) error {
 		return err
 	}
 
-	if err := signer.DecryptKey(promptUser); err != nil {
+	if err := signer.DecryptKey(passphraseFetcher); err != nil {
 		return err
 	}
 
@@ -229,8 +229,13 @@ func (p *packageCmd) clearsign(filename string) error {
 	return ioutil.WriteFile(filename+".prov", []byte(sig), 0755)
 }
 
-// promptUser implements provenance.PassphraseFetcher
-func promptUser(name string) ([]byte, error) {
+// passphraseFetcher implements provenance.PassphraseFetcher
+func passphraseFetcher(name string) ([]byte, error) {
+	var passphrase = settings.HelmKeyPassphrase()
+	if passphrase != "" {
+		return []byte(passphrase), nil
+	}
+
 	fmt.Printf("Password for key %q >  ", name)
 	pw, err := terminal.ReadPassword(int(syscall.Stdin))
 	fmt.Println()
diff --git a/pkg/helm/environment/environment.go b/pkg/helm/environment/environment.go
index 76348c3bd..6d40fb846 100644
--- a/pkg/helm/environment/environment.go
+++ b/pkg/helm/environment/environment.go
@@ -138,6 +138,14 @@ func (s EnvSettings) PluginDirs() string {
 	return s.Home.Plugins()
 }
 
+// HelmKeyPassphrase is the passphrase used to sign a helm chart.
+func (s EnvSettings) HelmKeyPassphrase() string {
+	if d, ok := os.LookupEnv("HELM_KEY_PASSPHRASE"); ok {
+		return d
+	}
+	return ""
+}
+
 // setFlagFromEnv looks up and sets a flag if the corresponding environment variable changed.
 // if the flag with the corresponding name was set during fs.Parse(), then the environment
 // variable is ignored.