9c0e2d1d95
- Secrets are never exposed in plaintext in the Cue tree. `dagger query` won't dump secrets anymore, Cue errors won't contain them either. - BuildKit-native secrets support through a new `mount` type. This ensures secrets will never be part of containerd layers, buildkit cache and generally speaking will never be saved to disk in plaintext. - Updated netlify as an example - Added tests - Changed the Cue definition of a secret to: ``` @dagger(secret) id: string } ``` This is to ensure both that setting the wrong input type on a secret (e.g. `dagger input text`) will fail, and attempting to misuse the secret (e.g. interpolating, passing as an env variable, etc) will also fail properly. Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
package solver
|
|
|
|
import (
|
|
"context"
|
|
"strings"
|
|
|
|
"github.com/moby/buildkit/session"
|
|
"github.com/moby/buildkit/session/secrets"
|
|
"github.com/moby/buildkit/session/secrets/secretsprovider"
|
|
"github.com/rs/zerolog/log"
|
|
"go.dagger.io/dagger/state"
|
|
)
|
|
|
|
func NewSecretsProvider(st *state.State) session.Attachable {
|
|
return secretsprovider.NewSecretProvider(&inputStore{st})
|
|
}
|
|
|
|
type inputStore struct {
|
|
st *state.State
|
|
}
|
|
|
|
func (s *inputStore) GetSecret(ctx context.Context, id string) ([]byte, error) {
|
|
lg := log.Ctx(ctx)
|
|
|
|
const secretPrefix = "secret="
|
|
|
|
if !strings.HasPrefix(id, secretPrefix) {
|
|
return nil, secrets.ErrNotFound
|
|
}
|
|
|
|
id = strings.TrimPrefix(id, secretPrefix)
|
|
|
|
input, ok := s.st.Inputs[id]
|
|
if !ok {
|
|
return nil, secrets.ErrNotFound
|
|
}
|
|
if input.Secret == nil {
|
|
return nil, secrets.ErrNotFound
|
|
}
|
|
|
|
lg.
|
|
Debug().
|
|
Str("id", id).
|
|
Msg("injecting secret")
|
|
|
|
return []byte(input.Secret.PlainText()), nil
|
|
}
|
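Review bot: `NewSecretsProvider` and `inputStore` carry no doc comments, and the one property of `GetSecret` that matters most for security is undocumented: all three failure branches (wrong prefix, unknown input, input that is not a secret) return the same `secrets.ErrNotFound`, so a lookup cannot be used to learn which non-secret inputs exist; a future "improvement" that returns a distinct error for the third branch would weaken that. I would add `// NewSecretsProvider returns a session attachable that serves BuildKit secret requests of the form "secret=<input name>" from the secrets held in st.Inputs.` above the constructor and `// inputStore resolves BuildKit secret IDs against the state's inputs; every lookup failure is reported as secrets.ErrNotFound so the provider does not reveal which inputs exist or whether they are secrets.` above the type. The debug log at the end of `GetSecret` records only the input id, never the plaintext; a short `// log the id only, never the value` on that line would keep it that way. Whether `s.st` can be nil here is not visible in this file, so `NewSecretsProvider` should state that a non-nil state is required if that is the contract.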