You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As can be seen from the git history of the config.xml above, AWS_ACCESS_KEY_ID in the above pipeline had secure="true" removed by Filesystem re-added by Upgrade, and then removed again by anonymous.
This essentially turned the variable into a plaintext one with no value (even though the secure value was still persisted in the XML). Eventually when an unrelated change was made to the pipeline through the GUI (material change), the encrypted value was also deleted from the XML.
Unfortunately this was only spotted a couple of weeks later as it was a seldom used pipeline, so the go server logs have since been rotated away.
The text was updated successfully, but these errors were encountered:
Evesy
changed the title
Secret Variable Delete on GoCD Startup Config Migration
Secret Variable Deleted on GoCD Startup Config Migration
Aug 22, 2023
Without server logs I will close as a duplicate as there is no way to confirm the root cause is the same.
If you can look back through config history and see the oldest GoCD version where you see this flip-flopping happening it might help.
git log -S "secure=" -p
There is no current solid explanation for why it might be more commonly happening now, or on 23.1.0 (based on the confirmed bug fixed), and why a few people have suddenly reported the same thing, as the code here is very old.
Would love to get that detail (or analysis) on how far back in your config repo (and with which GoCD versions) you've seen similar boolean flip-flopping as I understand you're relatively long time GoCD users - or any pattern you see in increase in frequency, but up to you 🙏
Sorry for the delay, but wanted to add that this change is now out in GoCD 23.4.0. Fingers crossed that we've nailed this one! https://www.gocd.org/download/
Issue Type
Summary
During a GoCD server restart, a particular secret variable in a pipeline appears to have been essentially deleted by GoCD during startup
Environment
Basic environment details
23.1.0
17.0.8
Rocky 8 (Linux 5.15.107+)
Additional Environment Details
Steps to Reproduce
Unable to reproduce as of yet
Expected Results
Secret variables should not be affected by server restarts
Actual Results
Secret variable was made non-secure during restart, making it unavaiable in pipelines.
Possible Fix
Log snippets
Any other info
As can be seen from the git history of the
config.xml
above,AWS_ACCESS_KEY_ID
in the above pipeline hadsecure="true"
removed byFilesystem
re-added byUpgrade
, and then removed again byanonymous
.This essentially turned the variable into a plaintext one with no value (even though the secure value was still persisted in the XML). Eventually when an unrelated change was made to the pipeline through the GUI (material change), the encrypted value was also deleted from the XML.
Unfortunately this was only spotted a couple of weeks later as it was a seldom used pipeline, so the go server logs have since been rotated away.
The text was updated successfully, but these errors were encountered: