#TTL for secrets providers 🧵

soft kelp · 2025-03-28T11:18:49.992Z

TTL for secrets providers 🧵 | Dagger | Page 1

1 messages · Page 1 of 1 (latest)

soft kelp Mar 28, 2025, 11:18 AM

In response to 9942, I have submitted the PR for adding support for TTL to secret providers.

GitHub

Issues · dagger/dagger

An open-source runtime for composable workflows. Great for AI agents and CI/CD. - Issues · dagger/dagger

currently it seems like only vault do the caching and other providers just fetch it from the source when required.

so I have made changes only for the vault secret provider right now.

The user can pass the TTL for a secret using a new query parameter ttl. e.g. vault://data/secret-name.secretkey?ttl=20s

The secret provider then use the TTL and store it along with the data in the cache, and checks for cache-expiration before returning the secret

Please let me know if that sounds like a reasonable approach or if you have other suggestions.

cc @cosmic rune @cyan ember @ancient bison

ancient bison Mar 28, 2025, 11:35 AM

reviewed 🙏 lgtm in terms of how this should work (ttl param sgtm), just got some implementation points