neon folio
I've got a few pipelines drawing secrets and data using env variables such as my SSH_AUTH_SOCK or an AuthToken.
I was reading through some dagger modules and for username and passwords it seems that using m cmd line flags is the default (CF this example : https://daggerverse.dev/mod/github.com/vbehar/daggerverse/artifactory@835c165c8c90063c8e99dd7453ad504f5bdf6684)
But how would i achieve the same for my SSH socket ? is env vars still the default or do you have other best practices ?
spark torrent
The module you refer to seems to be outdated.
The idiomatic way to pass secrets to a dagger module is via CLI flags, but it's no longer by value. The default is to read from an env var:
--password=ARTIFACTORY_PASSWORD
(notice it's not in ${...})
But you can also use a file's contents:
--password=file:./my-secret
Or use a command:
--password="cmd:op read op://XXX/password"
amazing ! thanks for your quick reply.
browsed through the doc and can't find any mention of this. do you happend to know where this is referenced?
spark torrent
It's currently being worked on in https://github.com/dagger/dagger/pull/6681
neon folio
will read through it, many thanks !
solar mist
@spark torrent When using Infisical, Doppler, etc; it becomes a bit of a chore to provide --token env:TOKEN to every dagger call invocation. Could we get some sort of helper in dagger.json to make something like this available to all functions?
