envvault/cli/commands/
delete.rs

1//! `envvault delete` — remove a secret from the vault.
2
3use dialoguer::Confirm;
4
5use crate::cli::output;
6use crate::cli::{load_keyfile, prompt_password_for_vault, vault_path, Cli};
7use crate::errors::{EnvVaultError, Result};
8use crate::vault::VaultStore;
9
10/// Execute the `delete` command.
11pub fn execute(cli: &Cli, key: &str, force: bool) -> Result<()> {
12    let path = vault_path(cli)?;
13
14    // Unless --force is set, ask for confirmation before deleting.
15    if !force {
16        let confirmed = Confirm::new()
17            .with_prompt(format!("Delete secret '{key}'?"))
18            .default(false)
19            .interact()
20            .map_err(|e| EnvVaultError::CommandFailed(format!("confirm prompt: {e}")))?;
21
22        if !confirmed {
23            output::info("Cancelled.");
24            return Ok(());
25        }
26    }
27
28    // Open the vault (requires password).
29    let keyfile = load_keyfile(cli)?;
30    let vault_id = path.to_string_lossy();
31    let password = prompt_password_for_vault(Some(&vault_id))?;
32    let mut store = VaultStore::open(&path, password.as_bytes(), keyfile.as_deref())?;
33
34    // Delete the secret and save.
35    store.delete_secret(key)?;
36    store.save()?;
37
38    crate::audit::log_audit(cli, "delete", Some(key), None);
39    output::success(&format!("Deleted secret '{key}'"));
40
41    Ok(())
42}
envvault/cli/commands/delete.rs

envvault/cli/commands/
delete.rs
