feat: implement get --with-value command

evgeniy-scherbina · evgeniy-scherbina · commit e288818cb25a · 2025-07-16T20:26:34.000Z
diff --git a/cli/user_secrets.go b/cli/user_secrets.go
@@ -92,7 +92,7 @@ func (r *RootCmd) secretList() *serpent.Command {
 
 func (r *RootCmd) secretGet() *serpent.Command {
 	client := new(codersdk.Client)
-	//var value string
+	var withValue bool
 	cmd := &serpent.Command{
 		Use:   "get <name>",
 		Short: "Get user secret",
@@ -107,17 +107,28 @@ func (r *RootCmd) secretGet() *serpent.Command {
 				return err
 			}
 
-			fmt.Fprintf(inv.Stdout, "ID | Name | Description\n")
-			fmt.Fprintf(inv.Stdout, "%v - %v - %v\n", secret.ID, secret.Name, secret.Description)
+			userSecretValue := codersdk.UserSecretValue{
+				Value: "hidden",
+			}
+			if withValue {
+				userSecretValue, err = client.GetUserSecretValue(inv.Context(), secretName)
+				if err != nil {
+					return err
+				}
+			}
+			value := userSecretValue.Value
+
+			fmt.Fprintf(inv.Stdout, "ID | Name | Description | Value\n")
+			fmt.Fprintf(inv.Stdout, "%v - %v - %v - %v\n", secret.ID, secret.Name, secret.Description, value)
 			return nil
 		},
 	}
 	cmd.Options = serpent.OptionSet{
-		//{
-		//	Flag:        "value",
-		//	Description: "Value of the secret (required).",
-		//	Value:       serpent.StringOf(&value),
-		//},
+		{
+			Flag:        "with-value",
+			Description: "Display value of the secret.",
+			Value:       serpent.BoolOf(&withValue),
+		},
 	}
 	return cmd
 }
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -1250,6 +1250,7 @@ func New(options *Options) *API {
 					r.Post("/", api.createUserSecret)
 					r.Get("/", api.listUserSecrets)
 					r.Get("/{name}", api.getUserSecret)
+					r.Get("/{name}/value", api.getUserSecretValue)
 				})
 				r.Route("/{user}", func(r chi.Router) {
 					r.Group(func(r chi.Router) {
diff --git a/coderd/user_secrets.go b/coderd/user_secrets.go
@@ -104,3 +104,33 @@ func (api *API) getUserSecret(rw http.ResponseWriter, r *http.Request) {
 
 	httpapi.Write(ctx, rw, http.StatusOK, response)
 }
+
+// Returns a user secret value.
+//
+// @Summary Returns a user secret value.
+// @ID get-user-secret-value
+// @Security CoderSessionToken
+// @Produce json
+// @Tags User-Secrets
+// @Success 200 {object} codersdk.UserSecretValue
+// @Router /users/secrets/{name}/value [get]
+func (api *API) getUserSecretValue(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	apiKey := httpmw.APIKey(r)
+	secretName := chi.URLParam(r, "name")
+
+	userSecret, err := api.Database.GetUserSecret(ctx, database.GetUserSecretParams{
+		UserID: apiKey.UserID,
+		Name:   secretName,
+	})
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	response := codersdk.UserSecretValue{
+		Value: userSecret.Value,
+	}
+
+	httpapi.Write(ctx, rw, http.StatusOK, response)
+}
diff --git a/coderd/user_secrets_test.go b/coderd/user_secrets_test.go
@@ -72,4 +72,9 @@ func TestUserSecrets(t *testing.T) {
 	require.Equal(t, templateAdmin.ID, userSecret.UserID)
 	require.Equal(t, userSecretName, userSecret.Name)
 	require.Equal(t, userSecretDescription, userSecret.Description)
+
+	// test get value API
+	userSecretValue, err := templateAdminClient.GetUserSecretValue(ctx, userSecretName)
+	require.NoError(t, err)
+	require.Equal(t, "secretkey", userSecretValue.Value)
 }
diff --git a/codersdk/user_secrets.go b/codersdk/user_secrets.go
@@ -96,3 +96,21 @@ func (c *Client) GetUserSecret(ctx context.Context, secretName string) (UserSecr
 	var userSecret UserSecret
 	return userSecret, json.NewDecoder(res.Body).Decode(&userSecret)
 }
+
+func (c *Client) GetUserSecretValue(ctx context.Context, secretName string) (UserSecretValue, error) {
+	res, err := c.Request(ctx, http.MethodGet,
+		fmt.Sprintf("/api/v2/users/secrets/%v/value", secretName),
+		nil,
+	)
+	if err != nil {
+		return UserSecretValue{}, xerrors.Errorf("execute request: %w", err)
+	}
+	defer res.Body.Close()
+
+	if res.StatusCode != http.StatusOK {
+		return UserSecretValue{}, ReadBodyAsError(res)
+	}
+
+	var userSecretValue UserSecretValue
+	return userSecretValue, json.NewDecoder(res.Body).Decode(&userSecretValue)
+}
