# yaml-language-server: $schema=https://raw.githubusercontent.com/ffimnsr/mk-rs/main/docs/schema.json
#
# Examples showing secrets: block usage.
#
# Run: mk secrets vault init --write-config
# to auto-populate the secrets: block after vault creation.
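# --- Example 1: Root defaults (built-in PGP backend) ---
#
# All tasks inherit these settings unless they supply their own secrets: block.
# NOTE(review): the nesting below is reconstructed from a paste that lost its
# indentation; confirm it against docs/schema.json.
secrets:
  vault_location: ./.mk/vault
  # Private keys live under the user's home directory, outside the project
  # tree, so key material is not stored next to the vault.
  keys_location: ~/.config/mk/priv
  key_name: default

tasks:
  # Uses root secrets: defaults — no per-task override needed.
  print-node-env:
    description: Print NODE_ENV from a secrets_path file
    secrets:
      secrets_path:
        - app/development/env
    commands:
      # The grep filter limits output to NODE_ENV; an unfiltered `env` would
      # print every variable loaded from the secrets file.
      - command: env | grep '^NODE_ENV='
        verbose: false

  # --- Example 2: Task-level override ---
  #
  # Inherits vault_location and keys_location from root but uses a different
  # key_name.
  deploy-prod:
    description: Deploy using production key
    secrets:
      key_name: prod-key
      secrets_path:
        - app/production/env
    environment:
      # Quoted so the template expression is always read as a plain string.
      DB_PASS: "${{ secrets.app/database/password }}"
    commands:
      # Confirms the secret was injected without writing its value to the
      # terminal or a CI log (the earlier form echoed $DB_PASS itself).
      - command: 'test -n "$DB_PASS" && echo "deploying (DB_PASS is set)"'
        verbose: false

  # --- Example 3: GPG backend ---
  #
  # Override backend to gpg for this task; all crypto goes through the system
  # gpg binary. gpg_key_id is required when backend = "gpg".
  deploy-gpg:
    description: Deploy using YubiKey-backed GPG key
    secrets:
      backend: gpg
      vault_location: ./.mk/vault
      # Placeholder: replace with the full key fingerprint; short key IDs
      # can collide.
      gpg_key_id: YOUR_KEY_FINGERPRINT
      secrets_path:
        - app/production/env
    commands:
      - command: echo "deploying via gpg"
        verbose: false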