Description
It would be useful for a user to add a secret via Nullstone without worrying about anything else.
For example, a user who wants to include a secret in their .nullstone/prod.yaml would run the following:
nullstone secrets add --stack=core --env=prod --name=openai-key --value=xyz
# or
echo "xyz" | nullstone secrets add --stack=core --name=openai-key --env=prod --value=-
There would also be a command to update the secret value.
nullstone secrets update --stack=core --env=prod --name=openai-key --value=xyz
How it works
This would add a secret to AWS or GCP secrets manager (based on which cloud account was configured with that environment in Nullstone).
The command then emits the AWS secret ARN or GCP secret ID, which can be copied into .nullstone/config.yml.
If openai-key already exists in the secrets manager, this would warn the user unless they specified --overwrite, which would work as nullstone secrets update.
A user must be an architect/owner of a stack to write secrets.
Questions
Which format should be emitted?
{{ secret(<secret-arn>) }}
<secret-arn>
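
A sketch of the add/overwrite behaviour and the --value=- stdin form described above, as an added example that is not part of the original issue or Nullstone's code. The names memStore, resolveValue and addSecret and the returned id are hypothetical, and an in-memory map stands in for the AWS or GCP secrets manager.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// memStore is a hypothetical in-memory stand-in for the AWS/GCP secrets manager.
type memStore map[string]string

var errExists = errors.New("secret exists; pass --overwrite to replace it")

// resolveValue returns the --value flag, or reads stdin when the flag is "-".
// The stdin form keeps the secret out of shell history and process arguments.
func resolveValue(flag string, stdin io.Reader) (string, error) {
	if flag != "-" {
		return flag, nil
	}
	raw, err := io.ReadAll(stdin)
	// echo appends a newline that must not become part of the secret.
	return strings.TrimRight(string(raw), "\r\n"), err
}

// addSecret refuses to replace an existing secret unless overwrite is set,
// and returns a constructed placeholder id (not a real ARN format).
func addSecret(s memStore, name, value string, overwrite bool) (string, error) {
	if value == "" {
		return "", errors.New("empty secret value")
	}
	if _, ok := s[name]; ok && !overwrite {
		return "", errExists
	}
	s[name] = value
	return "example-secret-id/" + name, nil
}

func main() {
	store := memStore{}
	v, _ := resolveValue("-", strings.NewReader("xyz\n")) // constructed input
	id, err := addSecret(store, "openai-key", v, false)
	fmt.Println(id, err)
	_, err = addSecret(store, "openai-key", "new", false)
	fmt.Println(err) // second add without --overwrite is rejected
}
```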