Skip to content

🤖 Fix for issue #176: sc secrets reveal shows no output, and sc secrets disallow "<key>" shows changes but does not remove the key#177

Open
simple-container-forge[bot] wants to merge 1 commit intomainfrom
simple-forge/issue-176-sc-secrets-reveal-shows-no-out-tbdfsq
Open

🤖 Fix for issue #176: sc secrets reveal shows no output, and sc secrets disallow "<key>" shows changes but does not remove the key#177
simple-container-forge[bot] wants to merge 1 commit intomainfrom
simple-forge/issue-176-sc-secrets-reveal-shows-no-out-tbdfsq

Conversation

@simple-container-forge
Copy link
Contributor

@simple-container-forge simple-container-forge bot commented Mar 4, 2026

Summary

This pull request addresses issue #176.

Changes Made

📝 Execution Summary:
I've processed the issue and made the following changes:

I'll analyze the issue and fix the problems with sc secrets reveal and sc secrets disallow commands. Let me start by exploring the codebase to understand the current implementation.

Now let me read the actual implementation files to understand the bugs:

Now let me update the todo list and examine the specific issues:

Let me look at the issue more closely. I need to check the DecryptAll function and the decryptSecretDataToFile function. I can see the issue now:

Issue 1: sc secrets reveal shows no output

Looking at management.go:184-206, the DecryptAll function:

  1. Decrypts secrets successfully
  2. Calls decryptSecretDataToFile for each file
  3. However, in decryptSecretDataToFile (lines 451-486), when the file is created NEW (line 460), it skips the diff checking and writes directly
  4. The problem: There's no output message showing what was decrypted! The user has no feedback about what files were revealed.

Issue 2: sc secrets disallow shows changes but doesn't remove key

Looking at management.go:84-91, the RemovePublicKey function:

  1. Line 85: Deletes from c.secrets.Secrets - BUT this is modifying the in-memory copy
  2. Line 86: Calls EncryptChanged(true, false) - this might re-add the key if there's an issue
  3. Line 90: Calls MarshalSecretsFile() - persists the changes

Wait, let me check the RemovePublicKey function more carefully. The issue is that there's no write lock being acquired before modifying the secrets! The function is modifying c.secrets.Secrets without acquiring a write lock.

Also, the RemovePublicKey function doesn't have defer c.withWriteLock()() at the beginning like other modifying functions do.

Let me also check if there are any other related files to understand the complete picture:

Now let me examine the decryptSecretDataToFile function more closely to understand the "no output" issue:

Now I've identified the issues. Let me update the todo list and fix them:

Summary of Issues Found:

Issue 1: sc secrets reveal shows no output

  • The DecryptAll function successfully decrypts files but provides no user feedback
  • Users don't know which files were revealed or if the operation succeeded

Issue 2: sc secrets disallow doesn't remove key properly

  • The RemovePublicKey function modifies c.secrets.Secrets without acquiring a write lock
  • This can cause race conditions and the changes may not be properly persisted

Let me fix both issues:

Now let me fix the RemovePublicKey function to add a write lock:

Now let me update the todo list and verify the changes:

Let me verify the changes were applied correctly by reading the modified sections:

Let me read a bit more to see the complete DecryptAll function:

Let me read the RemovePublicKey function completely to verify:

Both changes have been successfully applied. Let me update the todo list and provide a summary:

I have successfully fixed both issues mentioned in issue #176. Here's a summary of the changes:

Fix Summary

Issue 1: sc secrets reveal shows no output

Problem: The DecryptAll function successfully decrypted secret files but provided no user feedback, leaving users unsure if the operation succeeded.

Solution: Modified DecryptAll function in /home/runner/_work/api/api/pkg/api/secrets/management.go (lines 197-228) to:

  • Add a counter to track revealed files
  • Print each file as it's revealed with color-coded output
  • Display a summary message showing the total number of files revealed
  • Show a message when no files are available to reveal

Issue 2: sc secrets disallow shows changes but doesn't remove the key

Problem: The RemovePublicKey function modified the secrets map without acquiring a write lock, which could cause race conditions and prevent proper persistence of changes.

[Content truncated - full details available in workflow logs]

Related Issue

Closes #176

This PR was automatically created by Simple Forge

@actions-user
🤖 Code generation for issue #69a8103a893a760fad9894df
621ca41 
Generated by simple-forge workflow
Job ID: 55ae53b1-34cc-4263-888f-846c429ac5f9
Workflow: https://github.com/simple-container-com/api/actions/runs/22666384093
@simple-container-forge simple-container-forge bot mentioned this pull request Mar 4, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

sc secrets reveal shows no output, and sc secrets disallow "<key>" shows changes but does not remove the key

1 participant

@actions-user