The realm system lets you group secrets, both to organize them and to avoid name clashes.
Terminology: realm == namespace
Examples:
Let's say you have two projects (git repos), and each needs a secret named foo. Then these options exist:
my-project/foo
my-project/bar
vs
my-other-project/foo
vs
foo
vs
root/foo
Also, the pattern-matching logic built into the secrets engine then lets you filter all secrets per project, e.g., my-project/* returns only the secrets of project my-project.
Thus, we suggest the following CLI UX:
- there's a --global flag available for any docker mysecret subcommand
- if --global is set, no realm is appended/prefixed
- if --global is not set (default), the outer git repo is used to namespace / realm-prefix all set/list/delete/get operations
- if --global is not set and there's no outer git repo, the CLI errors
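The rules above, written out as an added Go example; this is not the project's own code. It assumes the realm is the base name of the repository's top-level directory (the text does not say how the realm is derived), uses Go's path.Match as a stand-in for the secrets engine's pattern matching, and the names ResolveName, FilterRealm, findRepoRoot and ErrNoRepo are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path"
	"path/filepath"
)

var ErrNoRepo = errors.New("no outer git repo; pass --global for an unprefixed name")

// findRepoRoot walks upward from dir to the first directory containing ".git".
func findRepoRoot(dir string) (string, bool) {
	for ; ; dir = filepath.Dir(dir) {
		if _, err := os.Stat(filepath.Join(dir, ".git")); err == nil {
			return dir, true
		}
		if dir == filepath.Dir(dir) { // reached the filesystem root
			return "", false
		}
	}
}

// ResolveName applies the --global rule. Assumption: realm = base name of the repo's top-level directory.
func ResolveName(name string, global bool, cwd string) (string, error) {
	if global {
		return name, nil // no realm is prefixed
	}
	root, ok := findRepoRoot(cwd)
	if !ok {
		return "", ErrNoRepo // not global and no outer git repo: the CLI errors
	}
	return filepath.Base(root) + "/" + name, nil
}

// FilterRealm keeps the stored names matching a pattern such as "my-project/*".
func FilterRealm(pattern string, stored []string) []string {
	var out []string
	for _, s := range stored {
		if ok, err := path.Match(pattern, s); err == nil && ok {
			out = append(out, s)
		}
	}
	return out
}

func main() { // the stored names below are constructed sample data
	fmt.Println(FilterRealm("my-project/*", []string{"my-project/foo", "my-other-project/foo", "foo"}))
}
```

Because the same ResolveName call handles set, list, delete and get, a pattern passed to list is prefixed too, so an unqualified `*` inside a repo becomes `my-project/*` and cannot return another project's secrets.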