#Context directory equivalent for secrets ?

Have there been any thoughts around providing defaults for *dagger.Secret args?
A lot of (esp. internal) functions may depend on a specific env var or file with credentials/token (e.g. AWS, gcloud, Github, etc).
I can see the obvious security problem with being able to naively specify this as defaults on functions, but perhaps some approach to this is being considered?

👋 secrets are particularly tricky because that'd mean that if you're running a thirdy party module that could potentially inspect and grab some variables or files on your machine, that will break the sandboxing model of functions

not sure I recall any discussions around that so far. silently pinging @edgy summit @acoustic yacht @sand talon

See "Future expansion of context API" in https://github.com/dagger/dagger/issues/7199. There's stuff like context().aws().auth().

Wasn't discussed at any length though, not with me at least.

Yep, hence my acknowledgement. Maybe some kind of explicit trust granting mechanism (kinda like direnv allow) could be considered?

I like that

because it's pre-declared in the args, then we could have a prompt with all the secrets it will grab and give users the option to allow/deny