-
Notifications
You must be signed in to change notification settings - Fork 902
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
All secrets managed by firebase are pruned when I set a new version of one #4459
Comments
I can confirm this issue, it happened to me as well. When updating a secret, it asks you to redeploy all functions that uses it. Once you deploy them, it looks like it just prunes all other secrets that are used by other functions (without any confirmation). This is quite critical, as in my case I ended up having a lot of secrets being destroyed. |
These pruning are surprising users (see #4459). I'm going to work on improving the UX of the pruning. Until then, users can still prune unused secrets via functions:secrets:prune command.
Thanks for the feedback folks. It looks like our attempt to clean things up in order to make secrets less expensive to use is causing more trouble than I've anticiapted. I'm going back to the drawing boards to improve the UX of the pruning and will rollback automatic secret pruning after deploy. You'll likely want to use |
These pruning are surprising users (see #4459). I'm going to work on improving the UX of the pruning. Until then, users can still prune unused secrets via `functions:secrets:prune` command.
@taeold using |
In our case this is what happened:
And there is no workaround, it means we have to deploy all functions all-together if we want secrets not to be pruned. |
We had this happen when a new deploy went out via CI. We didn't set or change any secrets or versions, but the prune command removed everything anyway (!). We're now forcing 10.7 to be used until this can get addressed correctly. |
Hey folks, I'm not able to re-produce the pruning behavior that you're experiencing. Here's what I did:
The secrets that are not is use are not being pruned. Did I miss something in the above steps? Thanks |
@colerogers which version did you use? I think this just got fixed yesterday with the 10.9.2 release https://github.com/firebase/firebase-tools/releases/tag/v10.9.2 which fixed #4540 and I think is a duplicate of this issue. |
@colerogers I agree with @mthomas-io findings. I just spent hours trying to figure out what was going on to my function secrets and reviewing the docs over and over until I landed here. Nothing was working until I updated firebase-tools again. Then it all started working as expected. |
Yep you're correct, I was using the latest for both (10.9.2 for |
@colerogers not sure if it's possible, but can the broken versions be pulled from NPM? This caused pretty serious live ops issues for us and I'd hate for someone else to have it happen because the happen to get one of these versions somehow. |
[REQUIRED] Environment info
firebase-tools: 10.7.0
Platform: Ubuntu & macOS
[REQUIRED] Test case
firebase functions:secrets:set SECRET_NAME
This SECRET_NAME has to be labeled
firebase-managed: true
and used in a Cloud Function.[REQUIRED] Steps to reproduce
[REQUIRED] Expected behavior
Just the SECRET_NAME has to be set and prune old version.
Not all ANOTHER_SECRET_NAME flagged
firebase-managed: true
[REQUIRED] Actual behavior
It seems to prune all secrets flagged
firebase-managed: true
The text was updated successfully, but these errors were encountered: