Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dagger secrets #269

Merged
merged 3 commits into from
Mar 26, 2023
Merged

Dagger secrets #269

merged 3 commits into from
Mar 26, 2023

Conversation

vito
Copy link
Owner

@vito vito commented Mar 26, 2023

Uses Dagger's new secrets API, supporting secret mounts and env. 🎉

This brings the Dagger runtime tests down to just 3 failures: TLS, mounting subpaths of cache mounts, and using OCI image archives for thunks.

There's a slight concession here: the runtime test suite no longer asserts that secrets passed in commandline args are safe from being leaked in the image. Dagger doesn't support it, and you shouldn't be passing secrets in command args anyway.

cc @dolanor :)

passing secrets in command args is never a good idea. they show up in
the process tree and get saved into shell history. no point in trying to
pretend this is safe.

but really, Dagger doesn't support it, and I think that's OK, so let's
just relax the test a bit.
@vito vito added the enhancement New feature or request label Mar 26, 2023
@vito vito merged commit 2baf788 into main Mar 26, 2023
@vito vito deleted the dagger-secrets branch March 26, 2023 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant