···

       
381
       
381
       
 
       
    /// Secret key

     

       
382
       
382
       
 
       
    #[arg(long)]

     

       
383
       
383
       
 
       
    pub key: String,

     

       
384
       
384
       
-
       
    /// Secret value

     

       
384
       
384
       
+
       
    /// Secret value (use '@filename' to read from file, '-' to read from stdin)

     

       
385
       
385
       
 
       
    #[arg(long)]

     

       
386
       
386
       
 
       
    pub value: String,

     

       
387
       
387
       
 
       
}

     

···

       
250
       
250
       
 
       
        .unwrap_or_else(|| "https://spindle.tangled.sh".to_string());

     

       
251
       
251
       
 
       
    let api = tangled_api::TangledClient::new(&spindle_base);

     

       
252
       
252
       
 
       


     

       
253
       
253
       
-
       
    api.add_repo_secret(&pds, &session.access_jwt, &repo_at, &args.key, &args.value)

     

       
253
       
253
       
+
       
    // Handle special value patterns: @file or - (stdin)

     

       
254
       
254
       
+
       
    let value = if args.value == "-" {

     

       
255
       
255
       
+
       
        // Read from stdin

     

       
256
       
256
       
+
       
        use std::io::Read;

     

       
257
       
257
       
+
       
        let mut buffer = String::new();

     

       
258
       
258
       
+
       
        std::io::stdin().read_to_string(&mut buffer)?;

     

       
259
       
259
       
+
       
        buffer

     

       
260
       
260
       
+
       
    } else if let Some(path) = args.value.strip_prefix('@') {

     

       
261
       
261
       
+
       
        // Read from file, expand ~ if needed

     

       
262
       
262
       
+
       
        let expanded_path = if path.starts_with("~/") {

     

       
263
       
263
       
+
       
            if let Some(home) = std::env::var("HOME").ok() {

     

       
264
       
264
       
+
       
                path.replacen("~/", &format!("{}/", home), 1)

     

       
265
       
265
       
+
       
            } else {

     

       
266
       
266
       
+
       
                path.to_string()

     

       
267
       
267
       
+
       
            }

     

       
268
       
268
       
+
       
        } else {

     

       
269
       
269
       
+
       
            path.to_string()

     

       
270
       
270
       
+
       
        };

     

       
271
       
271
       
+
       
        std::fs::read_to_string(&expanded_path)

     

       
272
       
272
       
+
       
            .map_err(|e| anyhow!("Failed to read file '{}': {}", expanded_path, e))?

     

       
273
       
273
       
+
       
    } else {

     

       
274
       
274
       
+
       
        // Use value as-is

     

       
275
       
275
       
+
       
        args.value

     

       
276
       
276
       
+
       
    };

     

       
277
       
277
       
+
       


     

       
278
       
278
       
+
       
    api.add_repo_secret(&pds, &session.access_jwt, &repo_at, &args.key, &value)

     

       
254
       
279
       
 
       
        .await?;

     

       
255
       
280
       
 
       
    println!("Added secret '{}' to {}", args.key, args.repo);

     

       
256
       
281
       
 
       
    Ok(())