Decode base64 test secrets by default when fetching test secrets

smartcontractkit · Jan 16, 2025 · a83d40e · a83d40e
1 parent ad8c475
commit a83d40e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/tools/ghsecrets/README.md b/tools/ghsecrets/README.md
@@ -85,10 +85,10 @@ If you want to retrieve an existing secret from AWS Secrets Manager, use:
 ghsecrets get --secret-id testsecrets/MySecretName --profile <your-aws-sdlc-profile>
 ```
 
-By default, it prints out the Base64-encoded string. To decode it automatically:
+By default, it tries to decode a Base64-encoded test secret. To disable decoding use `--decode false` flag:
 
 ```sh
-ghsecrets get --secret-id testsecrets/MySecretName --decode --profile <your-aws-sdlc-profile>
+ghsecrets get --secret-id testsecrets/MySecretName --decode false --profile <your-aws-sdlc-profile>
 ```
 
 ## FAQ

diff --git a/tools/ghsecrets/main.go b/tools/ghsecrets/main.go
@@ -106,7 +106,7 @@ func main() {
 	setCmd.PersistentFlags().StringSliceVar(&sharedWith, "shared-with", []string{}, "Comma-separated list of IAM ARNs to share the secret with")
 
 	getCmd.PersistentFlags().StringVarP(&secretID, "secret-id", "s", "", "ID of the secret to retrieve")
-	getCmd.PersistentFlags().BoolVarP(&decode, "decode", "d", false, "Decode the Base64-encoded secret value")
+	getCmd.PersistentFlags().BoolVarP(&decode, "decode", "d", true, "Decode the Base64-encoded secret value")
 	getCmd.PersistentFlags().StringVar(&profile, "profile", "", "AWS profile to use for credentials (required for AWS backend)")
 
 	getCmd.MarkPersistentFlagRequired("secret-id")