Merge branch 'release/0.8.12'

Author: ljonesfl

.version.json

@@ -2,6 +2,6 @@
   "strategy": "semver",
   "major": 0,
   "minor": 8,
-  "patch": 11,
+  "patch": 12,
   "build": 0
 }

src/Cli/Commands/Secrets/EditCommand.php

@@ -57,6 +57,13 @@ public function execute(): int
 		$configPath = $this->input->getOption( 'config', 'config' );
 		$env = $this->input->getOption( 'env' );
 
+		// Validate environment name to prevent path traversal
+		if( $env && !preg_match( '/^[a-zA-Z0-9_-]+$/', $env ) )
+		{
+			$this->output->error( "Invalid environment name. Only letters, numbers, hyphens, and underscores are allowed." );
+			return 1;
+		}
+
 		// Handle editor option - could be null, true (flag without value), or a string
 		$editorOption = $this->input->getOption( 'editor' );
 		if( is_string( $editorOption ) && $editorOption !== '' )
@@ -71,8 +78,8 @@ public function execute(): int
 		// Determine paths based on environment
 		if( $env )
 		{
-			$credentialsPath = $configPath . '/secrets/' . $env . '.yml.enc';
-			$keyPath = $configPath . '/secrets/' . $env . '.key';
+			$credentialsPath = $configPath . '/environments/' . $env . '.secrets.yml.enc';
+			$keyPath = $configPath . '/environments/' . $env . '.key';
 			$this->output->info( "Editing {$env} environment secrets..." );
 		}
 		else

src/Cli/Commands/Secrets/Key/GenerateCommand.php

@@ -60,10 +60,17 @@ public function execute(): int
 		$force = $this->input->hasOption( 'force' );
 		$show = $this->input->hasOption( 'show' );
 
+		// Validate environment name to prevent path traversal
+		if( $env && !preg_match( '/^[a-zA-Z0-9_-]+$/', $env ) )
+		{
+			$this->output->error( "Invalid environment name. Only letters, numbers, hyphens, and underscores are allowed." );
+			return 1;
+		}
+
 		// Determine key path based on environment
 		if( $env )
 		{
-			$keyPath = $configPath . '/secrets/' . $env . '.key';
+			$keyPath = $configPath . '/environments/' . $env . '.key';
 			$keyName = $env . ' environment key';
 
 			// Ensure directory exists

src/Cli/Commands/Secrets/ShowCommand.php

@@ -61,6 +61,13 @@ public function execute(): int
 		$specificKey = $this->input->getOption( 'key' );
 		$force = $this->input->hasOption( 'force' );
 
+		// Validate environment name to prevent path traversal
+		if( $env && !preg_match( '/^[a-zA-Z0-9_-]+$/', $env ) )
+		{
+			$this->output->error( "Invalid environment name. Only letters, numbers, hyphens, and underscores are allowed." );
+			return 1;
+		}
+
 		// Security confirmation for production
 		if( !$force && $env === 'production' )
 		{
@@ -76,8 +83,8 @@ public function execute(): int
 		// Determine paths based on environment
 		if( $env )
 		{
-			$credentialsPath = $configPath . '/secrets/' . $env . '.yml.enc';
-			$keyPath = $configPath . '/secrets/' . $env . '.key';
+			$credentialsPath = $configPath . '/environments/' . $env . '.secrets.yml.enc';
+			$keyPath = $configPath . '/environments/' . $env . '.key';
 			$title = ucfirst( $env ) . " Environment Secrets";
 		}
 		else

tests/Cli/Commands/Secrets/EditCommandTest.php

@@ -143,8 +143,8 @@ public function testExecuteWithEnvironment(): void
 		$result = $this->command->execute();
 		$outputContent = ob_get_clean();
 
-		$keyPath = $this->testConfigPath . '/secrets/production.key';
-		$credentialsPath = $this->testConfigPath . '/secrets/production.yml.enc';
+		$keyPath = $this->testConfigPath . '/environments/production.key';
+		$credentialsPath = $this->testConfigPath . '/environments/production.secrets.yml.enc';
 
 		// Execute should succeed
 		$this->assertEquals( 0, $result );
@@ -185,9 +185,9 @@ public function testExecuteCreatesEnvironmentDirectory(): void
 		$result = $this->command->execute();
 		$outputContent = ob_get_clean();
 
-		$secretsDir = $this->testConfigPath . '/secrets';
+		$secretsDir = $this->testConfigPath . '/environments';
 		$keyPath = $secretsDir . '/staging.key';
-		$credentialsPath = $secretsDir . '/staging.yml.enc';
+		$credentialsPath = $secretsDir . '/staging.secrets.yml.enc';
 
 		// Execute should succeed
 		$this->assertEquals( 0, $result );

tests/Cli/Commands/Secrets/Key/GenerateCommandTest.php

@@ -113,8 +113,8 @@ public function testExecuteGeneratesEnvironmentKey(): void
 		$this->assertEquals( 0, $result );
 
 		// Directory and key file should exist
-		$this->assertDirectoryExists( $this->testConfigPath . '/secrets' );
-		$keyPath = $this->testConfigPath . '/secrets/production.key';
+		$this->assertDirectoryExists( $this->testConfigPath . '/environments' );
+		$keyPath = $this->testConfigPath . '/environments/production.key';
 		$this->assertFileExists( $keyPath );
 
 		// Check output contains success message

tests/Cli/Commands/Secrets/ShowCommandTest.php

@@ -142,9 +142,9 @@ public function testExecuteShowsSpecificKey(): void
 	public function testExecuteProductionConfirmation(): void
 	{
 		// Create test secrets for production environment
-		mkdir( $this->testConfigPath . '/secrets', 0755, true );
-		$keyPath = $this->testConfigPath . '/secrets/production.key';
-		$credentialsPath = $this->testConfigPath . '/secrets/production.yml.enc';
+		mkdir( $this->testConfigPath . '/environments', 0755, true );
+		$keyPath = $this->testConfigPath . '/environments/production.key';
+		$credentialsPath = $this->testConfigPath . '/environments/production.secrets.yml.enc';
 
 		$key = $this->secretManager->generateKey( $keyPath );
 

versionlog.md

@@ -1,3 +1,5 @@
+## 0.8.12 2026-01-12
+
 ## 0.8.11 2026-01-06
 
 ## 0.8.10 2026-01-06