title |
---|
FAQ |
First of all: Don't panic. The leaked encryption key allows attackers to read the payload of pending jobs, but only if they also gained access to your Quirrel API deployment (managed or self-hosted).
To replace your leaked secret with a new one, do the following:
- Set the
QUIRREL_OLD_SECRETS
environment variable to["<your-leaked-secret>"]
. This will allow old jobs to be decrypted. - Set
QUIRREL_ENCRYPTION_SECRET
to your new secret. - Once all jobs that were encrypted with the old secret executed, remove
QUIRREL_OLD_SECRETS
.
If you're using the managed Quirrel deployment, feel free to reach out to get further assistance.
You can use something like concurrently
:
"scripts": {
"dev": "concurrently --raw \"quirrel\" \"next dev\"",
...
}
Telemetry allows us to accurately gauge Quirrels feature usage and pain points across all users. This data will let us better tailor Quirrel to users, ensuring its best-in-class developer experience.
Quirrel collects completely anonymous telemetry data about general usage, it also sends error reports to Sentry. Participation in this anonymous program is optional, and you may opt-out if you'd not like to share any information. To opt-out, set the DISABLE_TELEMETRY environment variable to 1.
Quirrel keeps track of how many API calls were made using a specific token. This is primarily used for the hosted version's billing.
There's two main things that count as an "API Call":
- Your Application calling Quirrel, e.g. for enqueueing a job or fetching pending jobs.
- Quirrel calling your application (during execution)
Let's do a quick example:
You enqueue two jobs that each repeat thrice.
After their second repetition, you call .delete()
on them.
How many API Calls would that use?
API Calls | Action |
---|---|
2 | .enqueue twice |
2x2 | execution (two jobs, two executions) |
2 | .delete twice |
8 | sum |