This release adds two useful features and welcomes a new provider to the family.
Highlights
Secrets as Files (#250) - Thanks @kfkonrad!
Some applications expect secrets as file paths rather than environment variable values (think certificate files, SSH keys, or apps that refuse env vars for security reasons). The new as_file option writes secrets to temporary files and sets the env var to the file path:
[secrets]
DB_CERT = { provider = "age", value = "...", as_file = true }
With fnox exec, files are automatically cleaned up when your command exits. Files are created with 0600 permissions. See the file-based secrets documentation for details on behavior across different commands.
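A consumer-side check for the file-based secrets described above, added here as an example (it is not fnox code): before reading the path in DB_CERT, a script such as ./deploy.sh can confirm it is a regular file, owned by the current user, with no group or other access. The function name secret_file_path and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate a file-based secret before using it.
# Assumption: the parent process exported VAR=<path to secret file>.

# secret_file_path VAR_NAME -> prints the path, returns 0 only if safe to use.
secret_file_path() {
    var_name=$1
    case $var_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name" >&2; return 2 ;;
    esac
    eval "path=\${$var_name:-}"   # safe: name validated above
    if [ -z "$path" ]; then
        echo "$var_name is not set" >&2; return 1
    fi
    # Reject symlinks and non-regular files (FIFOs, directories, devices).
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "$var_name: not a regular file" >&2; return 1
    fi
    # The file must belong to the user running this process.
    if [ ! -O "$path" ]; then
        echo "$var_name: not owned by current user" >&2; return 1
    fi
    # ls mode string, e.g. "-rw-------": no group/other permission bits allowed.
    mode=$(ls -ld -- "$path" | cut -c1-10)
    case $mode in
        -r??------) ;;
        *) echo "$var_name: mode $mode is too permissive" >&2; return 1 ;;
    esac
    printf '%s\n' "$path"
}

# Demo on a constructed file standing in for what as_file = true would create.
demo_file=$(mktemp)
printf 'constructed-certificate-bytes\n' > "$demo_file"
DB_CERT=$demo_file
chmod 644 "$demo_file"
secret_file_path DB_CERT || echo "rejected world-readable file"
chmod 600 "$demo_file"
cert_path=$(secret_file_path DB_CERT) && echo "accepted $cert_path"
rm -f "$demo_file"
```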
--no-defaults Flag (#252) - Thanks @jaydenfyi!
When using profiles, fnox normally merges top-level secrets with profile-specific ones. The new --no-defaults flag prevents this, loading only the secrets defined in the selected profile:
fnox exec --profile production --no-defaults -- ./deploy.sh
Useful for strict production environments where you want to ensure no development secrets accidentally leak through.
Bitwarden Secrets Manager Provider (#253) - Thanks @nikuda!
Bitwarden Secrets Manager is a separate product from Bitwarden Password Manager, designed for DevOps and infrastructure secrets. fnox now supports it as the bitwarden-sm provider:
[providers]
bws = { type = "bitwarden-sm", project_id = "your-project-id" }
[secrets]
DATABASE_URL = { provider = "bws", value = "database-url" }
Requires the bws CLI and an access token (BWS_ACCESS_TOKEN). See the provider documentation for setup details.
Documentation
- Documented tools=true requirement for mise integration (#245)
New Contributors
Welcome to @nikuda, @jaydenfyi, and @kfkonrad!