dbgov-cli 0.2.5 → 0.2.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -77,10 +77,11 @@ dbgov doctor config -o json # static + read-only diagnostics
|
|
|
77
77
|
## 🚀 Quick start (60 seconds)
|
|
78
78
|
|
|
79
79
|
```bash
|
|
80
|
-
# 1. Point dbgov at your database (stored as a reusable "context"; password
|
|
81
|
-
|
|
80
|
+
# 1. Point dbgov at your database (stored as a reusable "context"; password stays out of YAML)
|
|
81
|
+
dbgov ctx set prod --engine mysql \
|
|
82
82
|
--host 127.0.0.1 --port 3306 --database app --username appuser --env prod --protected
|
|
83
83
|
dbgov ctx use prod
|
|
84
|
+
export DBGOV_PASSWORD='***' # consumed when commands connect if the context has no stored credential
|
|
84
85
|
|
|
85
86
|
# 2. Read — read-only SQL is free (R0) and rejects writes
|
|
86
87
|
dbgov query --sql "SELECT id, name FROM users LIMIT 10" -o json
|
|
@@ -196,6 +197,7 @@ dbgov rollback --to <snapshot-id> --ticket DB-123 --yes -o json # structure on
|
|
|
196
197
|
```bash
|
|
197
198
|
# Contexts (MySQL or PostgreSQL)
|
|
198
199
|
dbgov ctx set <name> --engine mysql|postgres --host <h> --port <p> --database <db> --username <u> [--protected]
|
|
200
|
+
dbgov ctx set <name> --engine mysql|postgres --host <h> --port <p> --database <db> --username <u> --credential-backend keychain|encrypted-file --password <secret>
|
|
199
201
|
dbgov ctx use|list|current|delete
|
|
200
202
|
dbgov ctx export <name> [--include-credentials] -o json
|
|
201
203
|
dbgov ctx import -f ctx.yaml [--rename <new>] [--force] -o json
|
|
@@ -219,6 +221,8 @@ dbgov version
|
|
|
219
221
|
```
|
|
220
222
|
|
|
221
223
|
> `audit prune` only deletes **rotated** logs (never the active `audit.log`), defaults to a dry-run, and needs `--confirm` to remove files. Set `DBGOV_OPERATOR` in CI to keep audit/RBAC identity stable.
|
|
224
|
+
|
|
225
|
+
For non-interactive runs, prefer `DBGOV_PASSWORD`; it is read when a command opens a connection and the selected context has no stored credential. To persist a password through `ctx set`, `--password` requires `--credential-backend keychain` or `--credential-backend encrypted-file`; plain-yaml `ctx set --password` is rejected. Legacy/imported inline credentials remain readable for migration and export compatibility.
|
|
222
226
|
</details>
|
|
223
227
|
|
|
224
228
|
---
|
|
@@ -257,7 +261,7 @@ golangci-lint run --timeout=5m
|
|
|
257
261
|
|
|
258
262
|
MySQL / PostgreSQL integration tests are opt-in via `DBGOV_TEST_MYSQL_DSN` and `DBGOV_TEST_POSTGRES_DSN`. See [CONTRIBUTING.md](CONTRIBUTING.md) and the security policy in [SECURITY.md](SECURITY.md).
|
|
259
263
|
|
|
260
|
-
dbgov-cli is built on the shared [`opskit-core`](https://github.com/JiangHe12/opskit-core) governance engine and is part of the **opskit** family of governed CLIs for AI agents — alongside [`cfgov-cli`](https://www.npmjs.com/package/cfgov-cli) (config & Sentinel rules) and `
|
|
264
|
+
dbgov-cli is built on the shared [`opskit-core`](https://github.com/JiangHe12/opskit-core) governance engine and is part of the **opskit** family of governed CLIs for AI agents — alongside [`srvgov-cli`](https://www.npmjs.com/package/srvgov-cli) (remote servers), [`cfgov-cli`](https://www.npmjs.com/package/cfgov-cli) (config & Sentinel rules), and [`mqgov-cli`](https://www.npmjs.com/package/mqgov-cli) (message brokers).
|
|
261
265
|
|
|
262
266
|
---
|
|
263
267
|
|