feat(helm): add $HELM_KEY_PASSPHRASE environment variable for signing helm charts

If $HELM_KEY_PASSPHRASE is set then helm package sign command will not prompt the user to enter the passphrase for the private key Signed-off-by: Anumita Shenoy <ansheno@microsoft.com>
7 years ago · b0a32d089e
parent 8061227ce1
commit b0a32d089e
2 changed files with 16 additions and 3 deletions
--- a/cmd/helm/package.go
+++ b/cmd/helm/package.go
@ -215,7 +215,7 @@ func (p *packageCmd) clearsign(filename string) error {
 		return err
 	}

-	if err := signer.DecryptKey(promptUser); err != nil {
+	if err := signer.DecryptKey(passphraseFetcher); err != nil {
 		return err
 	}

@ -229,8 +229,13 @@ func (p *packageCmd) clearsign(filename string) error {
 	return ioutil.WriteFile(filename+".prov", []byte(sig), 0755)
 }

-// promptUser implements provenance.PassphraseFetcher
-func promptUser(name string) ([]byte, error) {
+// passphraseFetcher implements provenance.PassphraseFetcher
+func passphraseFetcher(name string) ([]byte, error) {
+	var passphrase = settings.HelmKeyPassphrase()
+	if passphrase != "" {
+		return []byte(passphrase), nil
+	}
+
 	fmt.Printf("Password for key %q >  ", name)
 	pw, err := terminal.ReadPassword(int(syscall.Stdin))
 	fmt.Println()
--- a/pkg/helm/environment/environment.go
+++ b/pkg/helm/environment/environment.go
@ -138,6 +138,14 @@ func (s EnvSettings) PluginDirs() string {
 	return s.Home.Plugins()
 }

+// HelmKeyPassphrase is the passphrase used to sign a helm chart.
+func (s EnvSettings) HelmKeyPassphrase() string {
+	if d, ok := os.LookupEnv("HELM_KEY_PASSPHRASE"); ok {
+		return d
+	}
+	return ""
+}
+
 // setFlagFromEnv looks up and sets a flag if the corresponding environment variable changed.
 // if the flag with the corresponding name was set during fs.Parse(), then the environment
 // variable is ignored.