Add support of Environment Variables Import

README.md

@@ -255,7 +255,8 @@ The configuration file utilizes YAML objects to describe the secret literals, wh
 | accessModifier   | String                    | The access-level modifier of the generated Swift property containing obfuscated secret literal's data. The supported values are `internal` and `public`. If not specified, the top-level `defaultAccessModifier` value is used. See [Access control](#access-control) section for usage details. |
 | name             | String                    | The name of the generated Swift property containing obfuscated secret literal's data. This value is used as-is, without validity checking. Thus, make sure to use a valid property name.<br/><sub>**Required.**</sub> | 
 | namespace        | String                    | The namespace in which to enclose the generated secret literal declaration. See [Namespaces](#namespaces) section for usage details. |
-| value            | String or List of strings | The plain value of the secret literal, which is to be obfuscated. The YAML data types are mapped to `String` and `Array<String>` in Swift, respectively.<br/><sub>**Required.**</sub> |
+| environmentKey   | String                    | The environment variable name to be used to retrieve the plain value of the secret literal. If not specified, the `value` is used. |
+| value            | String or List of strings | The plain value of the secret literal, which is to be obfuscated. The YAML data types are mapped to `String` and `Array<String>` in Swift, respectively.<br/><sub>**Required if `environmentKey` is not specified.**</sub> |
 
 <details>
 <summary><strong>Example secret definition</strong></summary>

Sources/ConfidentialCore/Extensions/Foundation/CodingUserInfoKey/CodingUserInfoKey+Environment.swift

@@ -0,0 +1,5 @@
+import Foundation
+
+extension CodingUserInfoKey {
+    public static let processInfoEnvironment = CodingUserInfoKey(rawValue: "processInfoEnvironment")!
+}

Sources/ConfidentialCore/Models/Configuration/Configuration.swift

@@ -26,7 +26,7 @@ public extension Configuration {
 
 extension Configuration {
 
-    struct Secret: Hashable, Decodable {
+    struct Secret: Hashable {
         let name: String
         let value: Value
         let namespace: String?
@@ -65,3 +65,52 @@ private extension Configuration {
         case secrets
     }
 }
+
+extension Configuration.Secret: Decodable {
+    fileprivate enum CodingKeys: String, CodingKey {
+        case name
+        case value
+        case namespace
+        case accessModifier
+        case environmentKey
+    }
+
+    init(from decoder: any Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+
+        name = try container.decode(String.self, forKey: .name)
+        namespace = try container.decodeIfPresent(String.self, forKey: .namespace)
+        accessModifier = try container.decodeIfPresent(String.self, forKey: .accessModifier)
+        guard container.contains(.environmentKey) else {
+            value = try container.decode(Configuration.Secret.Value.self, forKey: .value)
+            return
+        }
+
+        guard let environment = decoder.userInfo[.processInfoEnvironment] else {
+            throw DecodingError.dataCorrupted(
+                DecodingError.Context(
+                    codingPath: [CodingKeys.environmentKey],
+                    debugDescription: "userInfo[CodingUserInfoKey.processInfoEnvironment] not set"
+                )
+            )
+        }
+
+        guard let keyedVariables = environment as? [String: String] else {
+            throw DecodingError.typeMismatch([String: String].self, DecodingError.Context(codingPath: [CodingKeys.environmentKey], debugDescription: "processInfoEnvironment expected to be of [String: String] type"))
+        }
+
+        let key = try container.decode(String.self, forKey: CodingKeys.environmentKey)
+
+        guard let environmentValue = keyedVariables[key] else {
+            throw DecodingError.keyNotFound(
+                CodingKeys.environmentKey,
+                DecodingError.Context(
+                    codingPath: [CodingKeys.environmentKey],
+                    debugDescription: "environment must containn value for key `\(key)`"
+                )
+            )
+        }
+
+        value = .singleValue(environmentValue)
+    }
+}

Sources/swift-confidential/Subcommands/Obfuscate.swift

@@ -38,7 +38,13 @@ extension SwiftConfidential {
             }
 
             let configurationYAML = try Data(contentsOf: configuration)
-            let configuration = try YAMLDecoder().decode(Configuration.self, from: configurationYAML)
+            let configuration = try YAMLDecoder().decode(
+                Configuration.self,
+                from: configurationYAML,
+                userInfo: [
+                    CodingUserInfoKey.processInfoEnvironment:  ProcessInfo.processInfo.environment
+                ]
+            )
 
             var sourceSpecification = try Parsers.ModelTransform.SourceSpecification()
                 .parse(configuration)

Tests/ConfidentialCoreTests/Models/Configuration/ConfigurationTests.swift

@@ -26,6 +26,7 @@ final class ConfigurationTests: XCTestCase {
         """.utf8
         )
         let decoder = JSONDecoder()
+        decoder.userInfo[CodingUserInfoKey.processInfoEnvironment] = [:]
 
         // when & then
         var configuration: Configuration?
@@ -131,4 +132,51 @@ final class ConfigurationTests: XCTestCase {
             result
         )
     }
+
+    func test_givenSecretSingleEnvironmentalValue_whenDecodeWithJSONDecoder_thenNoThrowAndReturnsExpectedValueInstance() throws {
+        // given
+        let environmentKey = "foo"
+        let environmentValue = "bar"
+        let environment = [environmentKey : environmentValue]
+        let secret = ("secret", environmentKey, environmentValue)
+        let jsonValue = try XCTUnwrap(
+        """
+        { "name": "\(secret.0)", "environmentKey": "\(secret.1)" }
+        """.data(using: .utf8)
+        )
+        let decoder = JSONDecoder()
+        decoder.userInfo[.processInfoEnvironment] = environment
+
+        // when
+        let decodedSecret = try decoder.decode(Configuration.Secret.self, from: jsonValue)
+
+        // then
+        XCTAssertEqual(
+            Configuration.Secret(
+                name: secret.0,
+                value: .singleValue(secret.2),
+                namespace: .none,
+                accessModifier: .none
+            ),
+            decodedSecret
+        )
+    }
+
+    func test_givenSecretSingleMissingEnvironmentalValue_whenDecodeWithJSONDecoder_thenThrowsError() throws {
+
+        // given
+        let environmentKey = "foo"
+        XCTAssertNil(ProcessInfo.processInfo.environment[environmentKey])
+        let secret = ("secret", environmentKey)
+        let jsonValue = try XCTUnwrap(
+        """
+        { "name": "\(secret.0)", "environmentKey": "\(secret.1)" }
+        """.data(using: .utf8)
+        )
+        let decoder = JSONDecoder()
+        decoder.userInfo[.processInfoEnvironment] = [:]
+
+        // when
+        XCTAssertThrowsError(try decoder.decode(Configuration.Secret.self, from: jsonValue))
+    }
 }