feat: harden secret command UX#141
Merged
Add `cone secret` with create, get, and view subcommands for managing internal TEXT secrets. Content is encrypted client-side with Age to the recipient returned by the API before upload; secrets support allowed-user restrictions, expiry, and max-view burning. Bumps conductorone-sdk-go (and re-vendors) to pull in the secrets API support, and adds the corresponding client methods in pkg/client.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Previously `secret create` only created internal (team/SSO) TEXT secrets, covering 4 of the 10 combinations the web UI exposes. Add the two missing axes:
- FILE secrets via --file <path>: sets SecretType=FILE with the file's derived content type, size (original/pre-encryption), and name, then Age-encrypts the bytes and PUTs them to the upload URL from the create response (rather than SetTextContent).
- External recipients via --allowed-emails: routes to CreateExternal for email-verified recipients, mutually exclusive with --allowed-user-ids.
--content and --file are mutually exclusive. Adds CreateExternalSecret and UploadSecretFile client methods plus tests for the new helpers.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Extract input validation into validateSecretCreateInput and narrow createSecret to a secretCreator interface so request building is testable without a live API. Add tests for:
- validation: recipient xor, required expiry, content/file conflict
- request building: internal/external x text/file, including secret type, input-format presence, file metadata, and display-name/max-views
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Builds on the secret command introduced by Paul Ganea in PR #140.
Co-authored-by: c1-squire-dev[bot] <c1-squire-dev[bot]@users.noreply.github.com>
pquerna
approved these changes
Jun 26, 2026
Credit
This builds directly on #140 from @paul-doordash (Paul Ganea). His branch introduced the `cone secret` command, the secrets API client plumbing, the SDK/vendor update, the initial `create`, `get`, and `view` workflows, plus FILE secret and external-recipient create support. This PR keeps that structure and layers the review/QA follow-up changes on top.
What changed
- `--external-emails`/view limit, one-week default expiry, and share code/share URL references.
- `secret list`, FILE-only `secret download`, `secret revoke`, and `secret audit`; `get`, `view`, `revoke`, and `audit` accept vault IDs, share codes, or C1 share URLs, and `download` does the same for FILE secrets.
- `secret create` validation and input handling: exactly one content source, JSON validation, format aliases, external email validation, recipient limits, expiry/max-view bounds, `--content-file -` stdin, and `--user` resolution by ID, exact email, or search query.
Notes
External secret opening uses a separate web opener flow that is not present in the vendored SDK. Cone now returns a direct error for `view`/`download` of external secrets instead of surfacing the API 400; external metadata/create/revoke still work.
QA
- `go test ./cmd/cone ./pkg/client`
- `go test ./...`
- `make lint`
- `make build`
- `go mod verify`
- `git diff --check`
- `go mod vendor -o /tmp/cone-secret-vendor-check && diff -qr vendor /tmp/cone-secret-vendor-check`
- user1@conductorone.dev; a personal API credential was then created from that user's Web profile and used with Cone, and Cone successfully revealed the secret by share code.
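The validation rules that the validateSecretCreateInput commit and the "What changed" list above describe, written out as an added example that is not cone's own code or part of this PR; the struct, field and function names (SecretCreateInput, ValidateSecretCreateInput, SecretType, IsExternal) and the "0 means no view limit" convention are assumptions made for the example:

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// SecretCreateInput models the cone secret create flags named in this PR.
// Names here are assumptions for the example, not cone's own code.
type SecretCreateInput struct {
	Content, FilePath, ContentFile string        // --content, --file, --content-file ("-" = stdin)
	AllowedUserIDs, AllowedEmails  []string      // internal vs external recipients
	Expiry                         time.Duration // required
	MaxViews                       int           // 0 = no view limit (assumption)
}

var ErrInvalidInput = errors.New("invalid secret create input")

// ValidateSecretCreateInput enforces: exactly one content source, recipient
// kinds mutually exclusive, a positive expiry, and a non-negative max-view count.
func ValidateSecretCreateInput(in SecretCreateInput) error {
	sources := 0
	for _, s := range []string{in.Content, in.FilePath, in.ContentFile} {
		if s != "" {
			sources++
		}
	}
	switch {
	case sources != 1:
		return fmt.Errorf("%w: exactly one of --content, --file, --content-file", ErrInvalidInput)
	case len(in.AllowedUserIDs) > 0 && len(in.AllowedEmails) > 0:
		return fmt.Errorf("%w: --allowed-user-ids and --allowed-emails are mutually exclusive", ErrInvalidInput)
	case in.Expiry <= 0:
		return fmt.Errorf("%w: an expiry is required", ErrInvalidInput)
	case in.MaxViews < 0:
		return fmt.Errorf("%w: max views must not be negative", ErrInvalidInput)
	}
	return nil
}

// SecretType is FILE when --file is given, otherwise TEXT; IsExternal picks the email create path.
func SecretType(in SecretCreateInput) string {
	if in.FilePath != "" {
		return "FILE"
	}
	return "TEXT"
}

func IsExternal(in SecretCreateInput) bool { return len(in.AllowedEmails) > 0 }
```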