feat(set): adds --safe flag for preventing accidental overwrites

2026-02-11 17:38:36 +00:00 · 2026-02-11 17:38:36 +00:00 · ac847f34ca
commit ac847f34ca
parent 6e1af5ba28
4 changed files with 26 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -139,6 +139,12 @@ pda set name "Alice"
 echo "Alice" | pda set name
 cat dogs.txt | pda set dogs
 pda set kitty < cat.png
+
+# --safe to skip if the key already exists.
+pda set name "Alice" --safe
+pda set name "Bob" --safe
+pda get name
+# Alice
 ```

 <p align="center"></p><!-- spacer -->
--- a/cmd/set.go
+++ b/cmd/set.go
@ -62,6 +62,10 @@ func set(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
+	safe, err := cmd.Flags().GetBool("safe")
+	if err != nil {
+		return err
+	}
 	promptOverwrite := interactive || config.Key.AlwaysPromptOverwrite

 	secret, err := cmd.Flags().GetBool("encrypt")
@ -116,6 +120,10 @@ func set(cmd *cobra.Command, args []string) error {

 	idx := findEntry(entries, spec.Key)

+	if safe && idx >= 0 {
+		return nil
+	}
+
 	// Warn if overwriting an encrypted key without --encrypt
 	if idx >= 0 && entries[idx].Secret && !secret {
 		warnf("overwriting encrypted key '%s' as plaintext", spec.Display())
@ -160,4 +168,5 @@ func init() {
 	setCmd.Flags().DurationP("ttl", "t", 0, "Expire the key after the provided duration (e.g. 24h, 30m)")
 	setCmd.Flags().BoolP("interactive", "i", false, "Prompt before overwriting an existing key")
 	setCmd.Flags().BoolP("encrypt", "e", false, "Encrypt the value at rest using age")
+	setCmd.Flags().Bool("safe", false, "Do not overwrite if the key already exists")
 }
--- a/testdata/help-set.ct
+++ b/testdata/help-set.ct
@ -24,6 +24,7 @@ Flags:
  -e, --encrypt        Encrypt the value at rest using age
  -h, --help           help for set
  -i, --interactive    Prompt before overwriting an existing key
+      --safe           Do not overwrite if the key already exists
  -t, --ttl duration   Expire the key after the provided duration (e.g. 24h, 30m)
 Set a key to a given value or stdin. Optionally specify a store.

@ -49,4 +50,5 @@ Flags:
  -e, --encrypt        Encrypt the value at rest using age
  -h, --help           help for set
  -i, --interactive    Prompt before overwriting an existing key
+      --safe           Do not overwrite if the key already exists
  -t, --ttl duration   Expire the key after the provided duration (e.g. 24h, 30m)
--- a/testdata/set-safe.ct
+++ b/testdata/set-safe.ct
@ -0,0 +1,9 @@
+$ pda set key@ss "original" --safe
+$ pda get key@ss
+"original"
+$ pda set key@ss "overwritten" --safe
+$ pda get key@ss
+"original"
+$ pda set newkey@ss "fresh" --safe
+$ pda get newkey@ss
+"fresh"