#Recommended way of constructing a Secret for WithMountedSecret?

Sometimes I want to generate a secret in memory and still safely pass it into a Container, but WithMountedSecret only accepts a dagger.Secret which is closed.
How should I go about doing this?

typically you would receive the secret as argument to your function, unless your code is the one that knows the plaintext

see https://docs.dagger.io/manuals/developer/secrets

So my question is about the latter case, example could be generating a password in memory and passing it into a Container. Or it could be a combination of both situations, accepting a token Secret -> wrapping it in some config file -> passing onto another Container (think emulating docker login for example)

yeah if you know the plaintext there is a dag.SetSecret or NewSecret where you can pass it

Ah 💡 there we go, thanks. Only looked for it in dagger.

dag is a dagger.Client yes?

I have the following snippet which I would expect to work with the Go SDK, but I get a secret not found error

func loadSecrets(dc *client.Client) (err error) {
    sonarToken := os.Getenv("SONAR_TOKEN")
    dc.Dagger.SetSecret("SONAR_TOKEN", sonarToken)
    s := dc.Dagger.Secret("SONAR_TOKEN")
    id, err := s.ID(dc.Ctx)
    if err != nil {
        return err
    }
    name, err := s.Name(dc.Ctx)
    if err != nil {
        return err
    }
    text, err := s.Plaintext(dc.Ctx)
    if err != nil {
        return err
    }
    fmt.Println(id, name, text, s)

    return nil
}

input: secret.name resolve: secret not found: xxh3:6c5d939a78cdd042

However, if I use the secret returned by SetSecret, the values are as expected, other than the s, which has nil for the important hidden Go fields (&{0xc000370dc0 <nil> <nil> <nil>})

dc.Dagger is a *dagger.Client

fyi, on v0.12.4

same error in v0.13.3

added issue here: https://github.com/dagger/dagger/issues/8629

@jaunty hornet @lone silo in case you missed @minor glacier 's reply in my issue above, this currently works. I just forgot that you need to call Id in SetSecret so the engine call gets actually triggered

I agree with Justin that the API is confusing. We can use that issue to brainstorm for possible alternatives.

Maybe we should just bite the bullet and remove the API (it's kind of an artifact of an internal API that we should probably remove from the user-facing codegen)

I've wanted to get rid of it for so long

Maybe we could deprecate it in the next release?

To clarify, I mean removing Secret, not SetSecret

This didn't seem to help with secrets set in one part of the codebase and accessed in another. It seems I have to use the *Secret returned from SetSecret()

@lone silo if it's the same Dagger client this should work without issues. AFAIK. Any chance you have a repro?

not handy no, but essentially split the example above

we definitely have a singleton client in the codebase

hmm, maybe set is never being sync'd? (though the SecSecret().ID(ctx) would seem to imply that it would be evaluated)

was able te repro:

func main() {
    ctx := context.Background()
    fmt.Println(dag.SetSecret("foo", "bar").ID(ctx))

    fmt.Println(dag.Secret("foo").Plaintext(ctx))
}

this doesn't work

let me check what happens with modules

I can probably find you a trace id from Dagger Cloud

also doesn't work with modules. So seems like the issue was accidentally correct

I'll update the description accordingly. Silently pinging @minor glacier

we should try to fix this before the next release