Skip to content

fix: change default secret type for delete command from personal to shared#149

Open
devin-ai-integration[bot] wants to merge 2 commits intomainfrom
devin/1773674452-fix-delete-secret-type-default
Open

fix: change default secret type for delete command from personal to shared#149
devin-ai-integration[bot] wants to merge 2 commits intomainfrom
devin/1773674452-fix-delete-secret-type-default

Conversation

@devin-ai-integration
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot commented Mar 16, 2026

Summary

Changes the default value of the --type flag on infisical secrets delete from "personal" to "shared" (via util.SECRET_TYPE_SHARED).

Bug: Running infisical secrets delete SECRET_NAME without an explicit --type flag would send type: "personal" in the request body. The backend then filters for a personal secret owned by the current user — which doesn't match shared secrets (the most common type). This causes a 404 "Secret not found" even though the secret exists and infisical secrets get SECRET_NAME finds it.

Root cause: The get subcommand uses the LIST endpoint (with include_imports=true) and filters client-side, so it finds secrets regardless of type. The delete subcommand hits the single-secret DELETE endpoint, where the type field directly controls the DB query filter. Defaulting to "personal" meant shared secrets could never be deleted without explicitly passing --type shared.

Consistency: The set subcommand already defaults to util.SECRET_TYPE_SHARED. This change aligns delete with that convention.

Review & Testing Checklist for Human

  • Verify this is not a breaking change for your users: Anyone relying on infisical secrets delete X to delete personal secrets without passing --type personal will now delete the shared secret instead. Confirm this is the desired behavior.
  • End-to-end test: Create a shared secret via infisical secrets set FOO=bar, then delete it with infisical secrets delete FOO (no --type flag). Confirm it succeeds instead of returning 404.
  • Personal secret test: Verify that infisical secrets delete FOO --type personal still correctly deletes personal secrets.

Notes

  • The Go build was not verified locally (no Go toolchain on dev machine); CI should confirm compilation.
  • The help text for the flag was also updated to reflect the new default: (default: shared).

Link to Devin session: https://app.devin.ai/sessions/3bd5289d5891499aaf5c27f2d74ede57

@jakehulberg @devin-ai-integration
fix: change default secret type for delete command from personal to s…
e110fde 
…hared

The delete command defaulted type to 'personal', causing 404 errors when
deleting shared secrets (which is the most common type). The set command
already defaults to 'shared' via util.SECRET_TYPE_SHARED. This aligns
the delete command with the same default behavior.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
@devin-ai-integration
Copy link
Contributor Author

devin-ai-integration bot commented Mar 16, 2026

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Mar 16, 2026

Greptile Summary

Changes the default --type flag on infisical secrets delete from "personal" to "shared" (via util.SECRET_TYPE_SHARED), fixing a bug where shared secrets (the most common type) could not be deleted without explicitly passing --type shared. This aligns the delete subcommand with the set subcommand, which already defaults to shared.

  • Bug fix: The delete endpoint uses the type field to filter the DB query, so defaulting to "personal" caused 404 errors for shared secrets
  • Consistency: Both set (line 836) and delete (line 840) now use util.SECRET_TYPE_SHARED as the default
  • Behavioral change: Users who relied on infisical secrets delete X to delete personal secrets without --type personal will now need to pass the flag explicitly — this is technically a breaking change to CLI behavior, though the previous default was almost certainly unintentional

Confidence Score: 4/5

  • This is a safe, minimal bug fix that aligns delete behavior with set behavior and fixes a clear usability issue.
  • Single-line change to a flag default value that matches the existing convention used by the set command. The fix is well-motivated and the code path is straightforward. Minor deduction because it changes default CLI behavior (users relying on deleting personal secrets by default would be affected), though the previous default was almost certainly a bug.
  • No files require special attention — the change is minimal and well-contained.

Important Files Changed

Filename Overview
packages/cmd/secrets.go Single-line change: default --type flag for secretsDeleteCmd changed from "personal" to util.SECRET_TYPE_SHARED, aligning with secretsSetCmd. Fixes bug where shared secrets couldn't be deleted without explicit --type shared. Minor redundant default hint in help text.

Last reviewed commit: e110fde

greptile-apps[bot]
greptile-apps bot reviewed Mar 16, 2026
View reviewed changes
packages/cmd/secrets.go Outdated
util.AddOutputFlagsToCmd(secretsSetCmd, "The output to format the secrets in.")

secretsDeleteCmd.Flags().String("type", "personal", "the type of secret to delete: personal or shared (default: personal)")
secretsDeleteCmd.Flags().String("type", util.SECRET_TYPE_SHARED, "the type of secret to delete: personal or shared (default: shared)")
Copy link
Contributor

@greptile-apps greptile-apps bot Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Redundant default hint in help text

Cobra automatically appends the default value to help output for string flags (e.g., (default "shared")). The manually written (default: shared) in the description is redundant and uses a slightly different format. The secretsSetCmd on line 836 does not include a manual default hint, so removing it here would improve consistency.

Suggested change
secretsDeleteCmd.Flags().String("type", util.SECRET_TYPE_SHARED, "the type of secret to delete: personal or shared (default: shared)")
secretsDeleteCmd.Flags().String("type", util.SECRET_TYPE_SHARED, "the type of secret to delete: personal or shared")

@jakehulberg @devin-ai-integration
style: remove redundant default hint from delete type flag description
34a3952 
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jakehulberg