From 87d50793544eb334002eb3a4c8cbd3c8f598d45b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20H=C3=A4ring?=
 <116002362+tim-goto@users.noreply.github.com>
Date: Fri, 23 Aug 2024 08:52:55 +0200
Subject: [PATCH] feat: display only secret keys (#151)

resolves #131
---
 README.md     |  1 +
 cmd/export.go | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/README.md b/README.md
index 3c783f9..74d78c9 100644
--- a/README.md
+++ b/README.md
@@ -125,6 +125,7 @@ Medusa import will take a [vault path] with [flags]
 
 ```
   Flags:
+      --display-keys-only    Display only keys of secrets but not their values
   -e, --encrypt              Encrypt the exported Vault data
   -m, --engine-type string   Specify the secret engine type [kv1|kv2] (default "kv2")
   -f, --format string        Specify the export format [yaml|json] (default "yaml")
diff --git a/cmd/export.go b/cmd/export.go
index 12506d9..dd36464 100644
--- a/cmd/export.go
+++ b/cmd/export.go
@@ -17,6 +17,7 @@ func init() {
 	exportCmd.PersistentFlags().BoolP("encrypt", "e", false, "Encrypt the exported Vault data")
 	exportCmd.PersistentFlags().StringP("public-key", "p", "", "Location of the RSA public key")
 	exportCmd.PersistentFlags().StringP("engine-type", "m", "kv2", "Specify the secret engine type [kv1|kv2]")
+	exportCmd.PersistentFlags().BoolP("display-keys-only", "", false, "Display only keys of secrets but not their values")
 }
 
 var exportCmd = &cobra.Command{
@@ -37,6 +38,7 @@ var exportCmd = &cobra.Command{
 		doEncrypt, _ := cmd.Flags().GetBool("encrypt")
 		exportFormat, _ := cmd.Flags().GetString("format")
 		output, _ := cmd.Flags().GetString("output")
+		keysOnly, _ := cmd.Flags().GetBool("display-keys-only")
 
 		client := vaultengine.NewClient(vaultAddr, vaultToken, insecure, namespace, vaultRole, kubernetes, authPath)
 		engine, path, err := client.MountpathSplitPrefix(path)
@@ -54,6 +56,13 @@ var exportCmd = &cobra.Command{
 			return err
 		}
 
+		if keysOnly {
+			err = removeValues(exportData)
+			if err != nil {
+				return err
+			}
+		}
+
 		// Convert export to json or yaml
 		var data []byte
 		switch exportFormat {
@@ -113,3 +122,19 @@ var exportCmd = &cobra.Command{
 		return nil
 	},
 }
+
+func removeValues(exportData vaultengine.Folder) error {
+	for k, v := range exportData {
+		switch r := v.(type) {
+		case vaultengine.Folder:
+			removeValues(r)
+		case map[string]interface{}:
+			removeValues(r)
+		case string:
+			exportData[k] = "********"
+		default:
+			return errors.New(fmt.Sprintf("Unknown type %T", r))
+		}
+	}
+	return nil
+}