Skip to content

feat: add dynamic secret API#4667

Merged
dolanor merged 18 commits into
dagger:mainfrom
dolanor:dynamic-secrets
Mar 15, 2023
Merged

feat: add dynamic secret API#4667
dolanor merged 18 commits into
dagger:mainfrom
dolanor:dynamic-secrets

Conversation

@dolanor
Copy link
Copy Markdown
Contributor

@dolanor dolanor commented Feb 28, 2023
edited
Loading

This PR adds a top level query setSecret(name: String!, plaintext: String!): Secret! that will associate a user defined secret name to a plaintext value.

Points to figure out

file.secret() deprecation

At the same time, we deprecate file.secret() as it leaks secrets in the cache. It is not a breaking change, yet. But as it is insecure, I thought of actually breaking the file.secret() implementation (especially the one bringing the secret in) by always returning an error. We wouldn't want people to use it nonetheless and have important secrets leaked.

=> viewed with @jlongtine : we keep backwards compatibility, no breaking change

secret id content

The only information going into the container information would be the secret id which is a base64 of the name of the secret and the sha256(plaintext). It should bust the cache if we change the plaintext. I think this is the behavior that we want. But it would be less secure than if we used a hash only derived from the secret name. In that case, nobody would know if the secret plaintext has been changed, and the cached version would be used. The user would have to bust their cache by themselves.

I'm open to discussion/experience sharing about this.

@dolanor dolanor requested a review from jlongtine February 28, 2023 14:31
@dolanor dolanor linked an issue Feb 28, 2023 that may be closed by this pull request
Dynamic secrets #4426
Closed
@dolanor dolanor marked this pull request as draft February 28, 2023 14:36
@dolanor dolanor force-pushed the dynamic-secrets branch 2 times, most recently from 2e7b00f to 1de281b Compare February 28, 2023 14:40
jlongtine
jlongtine reviewed Feb 28, 2023
View reviewed changes
Comment thread secret/store.go
@dolanor dolanor force-pushed the dynamic-secrets branch 8 times, most recently from b5f16c1 to 647a557 Compare March 7, 2023 00:20
@dolanor dolanor force-pushed the dynamic-secrets branch 2 times, most recently from 9972261 to 944e2ec Compare March 13, 2023 14:35
@dolanor dolanor mentioned this pull request Mar 13, 2023
Closed
@dolanor dolanor marked this pull request as ready for review March 13, 2023 14:47
@dolanor
Copy link
Copy Markdown
Contributor Author

dolanor commented Mar 13, 2023

The current implementation of this secret use a new encoding instead of reusing the payload encoding. It works and passes tests.
I tried to homogenize everything by reusing the "normal" payload encoding, but some side-effects makes the file secret tests fail and I lost enough time on it and I need some other eyes to check that: dolanor#206 (It's on my fork to be able to merge on top of this branch).
But if you could review this one, at least we would have the functionality and could test other scenarios as well.

@dolanor
Copy link
Copy Markdown
Contributor Author

dolanor commented Mar 13, 2023

Finally found the problem, will update this one. Hopefully tonight.

@dolanor dolanor force-pushed the dynamic-secrets branch 4 times, most recently from ee910cd to 061635b Compare March 13, 2023 21:11
@dolanor dolanor changed the title feat!: add dynamic secret API feat: add dynamic secret API Mar 13, 2023
@dolanor
feat: add dynamic secret API
8f2a633 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
jlongtine and others added 10 commits March 13, 2023 22:48
@jlongtine @dolanor
Add a small test
781a295 
Signed-off-by: Joel Longtine <joel@longtine.io>
@dolanor
test: ignore deprecated linting when testing this API
6bfc9e1 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
fix: support both SecretID format
aee6347 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
WIP
18322ce 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
WIP
6401df5 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
the culprit
fc4649b 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
use IsOldFormat
1675226 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
cleanup
1167ec5 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
update sdks
edd7bd9 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
use IsOldFormat
44d3abe 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
replace old file secret API with the new shiny one
0191377 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
vito
vito reviewed Mar 13, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@vito vito left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good, mostly nitpicks! I like the idea of storing a digest in the SecretID to keep them deterministic. 👍

Comment thread core/integration/secret_test.go Outdated
Comment thread core/integration/secret_test.go Outdated
Comment thread core/schema/secret.graphqls Outdated
Comment thread secret/store.go Outdated
Comment thread secret/store.go Outdated
dolanor and others added 6 commits March 14, 2023 10:31
@dolanor @vito
Update core/integration/secret_test.go
187135e 
Co-authored-by: Alex Suraci <suraci.alex@gmail.com>
Signed-off-by: Tanguy ⧓ Herrmann <dolanorgit@evereska.org>
@dolanor @vito
Update core/integration/secret_test.go
c606da3 
Co-authored-by: Alex Suraci <suraci.alex@gmail.com>
Signed-off-by: Tanguy ⧓ Herrmann <dolanorgit@evereska.org>
@dolanor @vito
Update core/schema/secret.graphqls
2ba85c8 
Co-authored-by: Alex Suraci <suraci.alex@gmail.com>
Signed-off-by: Tanguy ⧓ Herrmann <dolanorgit@evereska.org>
@dolanor
check for secret existence in the map
f705a19 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
remove the nameToDigest map
9f34bcf 
The secret ID is already a name + digest

Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
Move NewSecretID right under SecretID struct
3c0cf30 
(more idiomatic)

Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor dolanor requested a review from vito March 14, 2023 10:16
vito
vito approved these changes Mar 14, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@vito vito left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perfect! 🎉

sipsma
sipsma approved these changes Mar 14, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@sipsma sipsma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the late unhelpful review, but looks great, happy we finally get this!

Comment thread engine/remotecache/mountsync.go
@dolanor dolanor merged commit 475f199 into dagger:main Mar 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vito vito vito approved these changes

@sipsma sipsma sipsma approved these changes

@aluzzardi aluzzardi Awaiting requested review from aluzzardi

+1 more reviewer

@jlongtine jlongtine jlongtine approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Dynamic secrets

5 participants

@dolanor @vito @jlongtine @sipsma @d3rp3tt3