From 8ffeec1eb1f776d4e79d064c3497a2d8652edab9 Mon Sep 17 00:00:00 2001
From: Nelson Isioma
Date: Tue, 18 Feb 2025 12:41:12 +0100
Subject: [PATCH 1/2] updating readme
---
 README.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/README.md b/README.md
index 89409ba..10ce716 100644
--- a/README.md
+++ b/README.md
@@ -105,6 +105,19 @@ For Scripting we have a -j or --json flag to convert the Output for the create,
 Note: The JSON Output does not cover Error Messages, you can detect Errors by checking if the Exitcode is not 0
+# Exposing Secrets to Subprocesses
+The `exec` command allows you to execute another command with environment variables that reference secrets stored in Passbolt.
+Any environment variables containing `passbolt://` references are automatically resolved to their corresponding secret values
+before the specified command is executed. This ensures that secrets are securely injected into the child process's environment
+without exposing them to the parent shell.
+For example:
+```bash
+export GITHUB_TOKEN=passbolt://
+passbolt exec -- gh auth login
+```
+
+This would resolve the passbolt:// reference in GITHUB_TOKEN to its actual secret value and pass it to the gh process.
+
 # Documentation
 Usage for all Subcommands is [here](https://github.com/passbolt/go-passbolt-cli/wiki/passbolt).
 And is also available via `man passbolt`
From 8ae52363cc9fc6ae0b07bc3b45c222213d294495 Mon Sep 17 00:00:00 2001
From: Nelson Isioma
Date: Tue, 18 Feb 2025 12:57:13 +0100
Subject: [PATCH 2/2] wip 3
---
 cmd/exec.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/cmd/exec.go b/cmd/exec.go
index 592fd60..df6e2e6 100644
--- a/cmd/exec.go
+++ b/cmd/exec.go
@@ -3,14 +3,15 @@ package cmd
 import (
 "context"
 "fmt"
+ "os"
+ "os/exec"
+ "strings"
+
 "github.com/passbolt/go-passbolt-cli/util"
 "github.com/passbolt/go-passbolt/api"
 "github.com/passbolt/go-passbolt/helper"
 "github.com/spf13/cobra"
 "github.com/spf13/viper"
- "os"
- "os/exec"
- "strings"
 )
 const PassboltPrefix = "passbolt://"
@@ -92,6 +93,10 @@ func resolveEnvironmentSecrets(ctx context.Context, client *api.Client) ([]strin
 }
 envVars[i] = key + "=" + secret
+
+ if viper.GetBool("debug") {
+ fmt.Fprintf(os.Stdout, "%v env var populated with resource id %v\n", key, resourceId)
+ }
 }
 return envVars, nil
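Review bot: The debug line added in the second hunk (`@@ -92,6 +93,10 @@`) writes to `os.Stdout`, which is presumably the same stream the wrapped command's output is read from, so enabling `debug` would mix diagnostics into whatever a script captures from `passbolt exec`. Sending it to stderr keeps the child's output clean: `fmt.Fprintf(os.Stderr, "%v env var populated with resource id %v\n", key, resourceId)`. The message prints only the variable name and the resource ID, never `secret`; a short comment such as `// debug output must never include the resolved secret value` would keep later edits from changing that. `resolveEnvironmentSecrets` begins before the hunk, so how `resourceId` is derived from the environment is not visible here.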