feat: add vault variables support to keboola-as-code

[Matovidlo]

Summary

This PR adds support for Keboola Vault Variables to the keboola-as-code CLI, enabling users to manage secure key-value pairs through the CLI and track them in the project manifest.

Key Changes:

• Extended manifest model with a new vault section to store vault variables
• Added --vault-enabled flag to kbc pull command to fetch and update vault variables
• Implemented kbc remote vault create command (interactive with optional parameter)
• Implemented kbc remote vault delete command (interactive with optional parameter)
• Both create/delete commands automatically update the local manifest

Dependencies:

• Updates SDK to use vault variables API from keboola-sdk-go PR #54 (currently open)

Release Notes

Added vault variables management to keboola-as-code CLI:

• New kbc remote vault create and kbc remote vault delete commands
• New --vault-enabled flag for kbc pull to sync vault variables to manifest
• Vault variables are now tracked in .keboola/manifest.json under the vault section

Plans for customer communication

None.

Impact analysis

Affected Components:

• Manifest file structure (adds optional vault section)
• Pull command (adds optional --vault-enabled flag)
• Remote commands (adds new vault subcommand)

Backward Compatibility:

• The vault section in manifest is optional (omitempty), so existing manifests remain valid
• The --vault-enabled flag is opt-in, so existing pull workflows are unaffected
• No breaking changes to existing functionality

Risk Areas:

1. SDK Dependency: Depends on unreleased SDK PR Rename/normalize paths after persist #54 - if that PR changes, this will need updates
2. No Tests: Per user request, no tests were implemented - functionality is untested
3. Security: Vault variables are stored in plaintext in the manifest file - users should be aware of this

Change type

• Feature
• Bug fix
• Refactoring
• Documentation

Justification

Enables users to manage Keboola Vault Variables through the CLI and track them in version control alongside other project configurations, providing a complete infrastructure-as-code workflow.

Deployment

Merge & automatic deploy.

Rollback plan

Revert of this PR.

Post release support plan

None.

---

Human Review Checklist

Critical Items:

1. ⚠️ SDK Integration: Verify the vault variable API calls match the implementation in keboola-sdk-go PR #54
2. ⚠️ Manifest Compatibility: Confirm that adding the vault section doesn't break existing manifest parsing/validation
3. ⚠️ Security: Review if storing vault variables in plaintext in manifest is acceptable (they contain sensitive values)
4. Error Handling: Check error handling in vault create/delete commands (network failures, permission issues, duplicate names, etc.)
5. Pull Command: Verify --vault-enabled flag integration doesn't affect existing pull workflows
6. Interactive Dialogs: Review the dialog implementations for create/delete commands

Files to Review:

• internal/pkg/project/manifest/file.go - Manifest structure changes
• internal/pkg/project/manifest/manifest.go - Vault variable management methods
• internal/pkg/service/cli/cmd/sync/pull/cmd.go - Pull command integration
• internal/pkg/service/cli/cmd/remote/vault/create/cmd.go - Create command implementation
• internal/pkg/service/cli/cmd/remote/vault/delete/cmd.go - Delete command implementation

---

Link to Devin run: https://app.devin.ai/sessions/4be19827f2044d95aa2dac9c48afc0e3
Requested by: Martin Vasko ([email protected]) / @Matovidlo

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring