9c0e2d1d95
- Secrets are never exposed in plaintext in the Cue tree. `dagger query` won't dump secrets anymore, Cue errors won't contain them either. - BuildKit-native secrets support through a new `mount` type. This ensures secrets will never be part of containerd layers, buildkit cache and generally speaking will never be saved to disk in plaintext. - Updated netlify as an example - Added tests - Changed the Cue definition of a secret to: ``` @dagger(secret) id: string } ``` This is to ensure both that setting the wrong input type on a secret (e.g. `dagger input text`) will fail, and attempting to misuse the secret (e.g. interpolating, passing as an env variable, etc) will also fail properly. Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
22 lines
254 B
CUE
22 lines
254 B
CUE
package testing
|
|
|
|
import (
|
|
"dagger.io/dagger"
|
|
"dagger.io/dagger/op"
|
|
"dagger.io/alpine"
|
|
)
|
|
|
|
mySecret: dagger.#Secret
|
|
|
|
TestSecrets: #up: [
|
|
op.#Load & {
|
|
from: alpine.#Image & {
|
|
package: bash: "=~5.1"
|
|
}
|
|
},
|
|
|
|
op.#Exec & {
|
|
env: foo: mySecret
|
|
},
|
|
]
|