allow to restrict the env vars passed to plugins

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-07 14:50:55 +03:00 · 2023-10-29 15:19:30 +01:00
parent 9a7a3b00dc
commit 5c938e46b7
10 changed files with 90 additions and 13 deletions
--- a/internal/plugin/kms.go
+++ b/internal/plugin/kms.go
@@ -16,7 +16,6 @@ package plugin

 import (
 	"fmt"
-	"os/exec"
 	"path/filepath"

 	"github.com/hashicorp/go-hclog"
@@ -81,7 +80,8 @@ func (p *kmsPlugin) initialize() error {
 	client := plugin.NewClient(&plugin.ClientConfig{
 		HandshakeConfig: kmsplugin.Handshake,
 		Plugins:         kmsplugin.PluginMap,
-		Cmd:             exec.Command(p.config.Cmd, p.config.Args...),
+		Cmd:             p.config.getCommand(),
+		SkipHostEnv:     true,
 		AllowedProtocols: []plugin.Protocol{
 			plugin.ProtocolGRPC,
 		},