#Generating and passing around temporary secrets


unique crown
#

If I'm creating a new secret as part of a dagger function, I want to store it in the Secret type and pass it to other functions. Should I use dag.setSecret for this?

I tried this and got the following error.

error: parse selections: parse field "withSecretVariable": init arg "secret" value as dagql.ID[*github.com/dagger/dagger/core.Secret] (SecretID!) using dagql.ID[*github.c  
/dagger/dagger/core.Secret]: failed to unmarshal proto: proto: cannot parse invalid wire-format data

wraith crater
#

👀

#

can you share a snippet of what you're doing?

#

this is what SetSecret is for, you're right

#

this looks like a weird internal issue maybe 🤔 we did update some of this logic

unique crown
#
return {
  accessKeyId: dag.setSecret(`${profile}_aws_access_key_id`, (await cli.withExec(['aws', 'configure', 'get', 'aws_access_key_id']).stdout()).trim()),
  secretAccessKey: dag.setSecret(`${profile}_aws_secret_access_key`, (await cli.withExec(['aws', 'configure', 'get', 'aws_secret_access_key']).stdout()).trim()),
  sessionToken: dag.setSecret(`${profile}_aws_session_token`, (await cli.withExec(['aws', 'configure', 'get', 'aws_session_token']).stdout()).trim()),
};

Then passing those secret values to be used here.

Aws.cli()
  .withSecretVariable('AWS_ACCESS_KEY_ID', credentials.accessKeyId)
  .withSecretVariable('AWS_SECRET_ACCESS_KEY', credentials.secretAccessKey)
  .withSecretVariable('AWS_SESSION_TOKEN', credentials.sessionToken)

wraith crater
#

🤔 so that looks like roughly correct usage

#

although, you might want to avoid using secrets in withExec output, since those will appear in the logs

wraith crater
unique crown
#

What would you advise then if I'm generating a secret value during the running of a function? The intent behind using dag.setSecret is that the value would be excluded from logs.

wraith crater
#

it will be, after the SetSecret is called; when the output is generated, it'll still be in there

#

since SetSecret is called after