pub fn exec_clean_env(
secrets: &HashMap<String, String>,
keep: &HashMap<String, String>,
cmd_parts: &[String],
) -> SafeResult<i32>Expand description
Like exec_with_secrets but starts from a clean environment (no parent env inherited),
then adds back only the keep entries from the parent, and finally injects secrets.
Used by tsafe exec --no-inherit and tsafe exec --only KEY,....