From 03033a0f534752bab677d6ea6d7dd071d2a5ef23 Mon Sep 17 00:00:00 2001
From: Nick Goodall <nbgoodall@users.noreply.github.com>
Date: Tue, 13 Jan 2026 14:08:45 +0000
Subject: [PATCH] pretty secrets

---
 main.go | 40 +++++++++++++++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 7 deletions(-)

diff --git a/main.go b/main.go
index 2b33e79..2fdf640 100644
--- a/main.go
+++ b/main.go
@@ -5,6 +5,7 @@ import (
 	"bufio"
 	"bytes"
 	"crypto/sha1"
+	"crypto/sha256"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -598,6 +599,7 @@ const (
 	remoteWindowSize          = 10
 	remoteIndent              = "   "
 	remoteLineColor           = "\033[96m"
+	headerColor               = "\033[95m"
 	localTimeColor            = "\033[92m"
 	remoteColorReset          = "\033[0m"
 )
@@ -841,23 +843,47 @@ func runSecretsList(ctx *deploymentContext) error {
 		return err
 	}
 
-	var keys []string
+	type secretRow struct {
+		key    string
+		digest string
+	}
+
+	var rows []secretRow
 	for _, line := range lines {
-		if key, _, ok := parseEnvLine(line); ok {
-			keys = append(keys, key)
+		if key, value, ok := parseEnvLine(line); ok {
+			rows = append(rows, secretRow{
+				key:    key,
+				digest: secretDigest(value),
+			})
 		}
 	}
-	if len(keys) == 0 {
+	if len(rows) == 0 {
 		fmt.Println("no secrets found")
 		return nil
 	}
-	sort.Strings(keys)
-	for _, key := range keys {
-		fmt.Println(key)
+	sort.Slice(rows, func(i, j int) bool {
+		return rows[i].key < rows[j].key
+	})
+	nameWidth := len("NAME")
+	for _, row := range rows {
+		if lw := len(row.key); lw > nameWidth {
+			nameWidth = lw
+		}
+	}
+	fmt.Printf("%s%-*s  %s%s\n", headerColor, nameWidth, "NAME", "DIGEST", remoteColorReset)
+	for _, row := range rows {
+		fmt.Printf("%-*s  %s\n", nameWidth, row.key, row.digest)
 	}
 	return nil
 }
 
+func secretDigest(value string) string {
+	sum := sha256.Sum256([]byte(value))
+	// Return only a prefix so the table stays narrow but still reveals changes.
+	const shortBytes = 6
+	return fmt.Sprintf("%x", sum[:shortBytes])
+}
+
 type envAssignment struct {
 	key   string
 	value string