This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
dagger/tests/compute/secrets/simple/simple.cue
Andrea Luzzardi 9c0e2d1d95 buildkit secrets support
- Secrets are never exposed in plaintext in the Cue tree. `dagger query`
  won't dump secrets anymore, Cue errors won't contain them either.
- BuildKit-native secrets support through a new `mount` type. This
  ensures secrets will never be part of containerd layers, buildkit
  cache and generally speaking will never be saved to disk in plaintext.
- Updated netlify as an example
- Added tests
- Changed the Cue definition of a secret to:

```
	@dagger(secret)

	id: string
}
```

This is to ensure both that setting the wrong input type on a secret
(e.g. `dagger input text`) will fail, and attempting to misuse the
secret (e.g. interpolating, passing as an env variable, etc) will also
fail properly.

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2021-05-27 19:14:08 -07:00

35 lines
486 B
CUE

package testing
import (
"dagger.io/dagger"
"dagger.io/dagger/op"
"dagger.io/alpine"
)
mySecret: dagger.#Secret
TestSecrets: #up: [
op.#Load & {
from: alpine.#Image & {
package: bash: "=~5.1"
}
},
op.#Exec & {
mount: "/secret": secret: mySecret
env: PLAIN: mySecret.id
args: [
"/bin/bash",
"--noprofile",
"--norc",
"-eo",
"pipefail",
"-c",
#"""
test "$(cat /secret)" = "SecretValue"
test "$PLAIN" != "SecretValue"
"""#,
]
},
]