Comments (5)
Is it expected in the future that changing secret values will in fact invalidate the cache?
I don't expect we'll change this behavior.
One of the reasons that would make this tricky is that the secret then becomes part of the cache key - this is kinda dangerous, even though the cache key is a sha256 digest. Potentially, it means that a leak of the cache key could allow brute-forcing the secret 😱
Is deleting the container the recommended flow?
At the moment, that's really the only option sadly 😢
I have suggested a new cache
subcommand to control cache in the dagger engine: #6260. Is that kind of close to something that you'd be looking for?
from dagger.
Is deleting the container the recommended flow? I'm using this and then rerunning.
hello-dagger$ docker ps --format "{{.Names}}" --filter name='^/dagger-engine-*' | xargs --no-run-if-empty -I"{}" docker rm --force {}
hello-dagger$ export GH_SECRET='{ fix github_token here }'
hello-dagger$ dagger run go run ci/main.go
Is it expected in the future that changing secret values will in fact invalidate the cache?
I'm really loving what dagger is offering and looking forward to using it. Thanks a lot for providing this tool
from dagger.
The exception is when a secret is provided as input to a module with dagger call
. Secrets from the CLI have a name that's based on the value.
from dagger.
At the moment, that's really the only option sadly 😢
@jedevc I think invalidating the cache via https://docs.dagger.io/cookbook/#invalidate-cache also works. Unless I'm missing something, I just did a test and when the cache gets invalidated before the With*Secret*
calls, the secret gets effectively updated in the subsequent steps.
from dagger.
At the moment, that's really the only option sadly 😢
@jedevc I think invalidating the cache via https://docs.dagger.io/cookbook/#invalidate-cache also works. Unless I'm missing something, I just did a test and when the cache gets invalidated before the
With*Secret*
calls, the secret gets effectively updated in the subsequent steps.
Yes using CACHEBUSTER variable works great, but having to add that explicitly for changing secrets is the problem because now you're always invalidating the cache when secret may have not changed.
from dagger.
Related Issues (20)
- ✨ Expose GraphQL client in Python SDK
- yamlinvaders example does not work HOT 1
- 🐞 Using dagger with start service sometimes loses its TCP connection
- 🐞 dagger-sdk in rust returns garbage on errors
- 🐞 `github.com/dagger/dagger/dagql/idtui.CollectSpan` invalid memory address or nil pointer dereference HOT 1
- Contextual modules HOT 38
- Git push HOT 5
- Clarify that rosetta and DEFAULT_PLATFORM should **not** be used in Mac + Docker HOT 2
- Logs from execs/services can get dropped/cutoff HOT 1
- Namespace cache volumes by module HOT 5
- Can't load local module at absolute path
- Improve modules quality by examples HOT 3
- Add more VCS (gitlab, gitea, bitbucket) support to Zenith and Daggerverse HOT 5
- OpenSSL cannot read SSH keys mounted as secrets HOT 14
- Add SecretStdin to Container.WithExec options HOT 2
- dagger install --export
- 🐞 dagger v0.11.2 possible memory leak HOT 5
- Cannot write (or read?) from temp mounts HOT 7
- API is missing `WithoutSecretVariable`
- Customize CLI command names
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dagger.