Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify usage of secrets in docs #4099

Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open

Clarify usage of secrets in docs #4099

wants to merge 14 commits into from

Conversation

6543
Copy link
Member

@6543 6543 commented Sep 10, 2024

@6543 6543 added documentation docu & docs enhancement improve existing features labels Sep 10, 2024
@6543 6543 mentioned this pull request Sep 10, 2024
Closed
3 tasks
@woodpecker-bot

This comment was marked as outdated.

Sign in to view
@6543 6543 requested a review from a team September 10, 2024 11:37
pat-s
pat-s requested changes Sep 12, 2024
View reviewed changes
Copy link
Contributor

@pat-s pat-s left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the follow-up to my previous comment.

Besides the inline comments (which should be ported to the 2.7 docs if accepted), I am still missing a section which explains in detail:

  • why environment: has been removed from all plugins (and starting with which version)
  • how using secrets via a plugin setting option is different/more secure

docs/docs/20-usage/40-secrets.md Outdated Show resolved Hide resolved
docs/docs/20-usage/40-secrets.md Outdated Show resolved Hide resolved
docs/docs/20-usage/40-secrets.md Outdated Show resolved Hide resolved
docs/docs/20-usage/40-secrets.md Outdated Show resolved Hide resolved
docs/docs/20-usage/40-secrets.md Outdated Show resolved Hide resolved
docs/docs/20-usage/40-secrets.md Outdated Show resolved Hide resolved
docs/docs/20-usage/40-secrets.md Outdated Show resolved Hide resolved
docs/docs/20-usage/51-plugins/20-creating-plugins.md Outdated Show resolved Hide resolved
@lafriks
Copy link
Contributor

lafriks commented Sep 23, 2024

imho droping secrets and having only from_secret would make all less complicated 😅

@6543
Copy link
Member Author

6543 commented Sep 23, 2024

we depricated them and we could at least remove them from the docs ...

@pat-s
Copy link
Contributor

pat-s commented Sep 27, 2024

@6543 Do you still plan to address the points in my last review comment?

@6543
Copy link
Member Author

6543 commented Sep 27, 2024

Well as they are blocking yes ... when i have time

pat-s
pat-s reviewed Oct 2, 2024
View reviewed changes
docs/docs/20-usage/40-secrets.md Outdated
@@ -48,6 +48,7 @@ This way, the secret key and environment variable name can differ.
### Using secrets in plugins-steps via "settings:"

The `from_secret` syntax also work for settings in any hierarchy.
Note that you can not use `secrets` and also not use it with `environment`, as this could alter the execution of plugins and so it is forbidden by the linter now.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for taking a stab. However, I think we should expand on this and add more content. This is a very important point for users to understand the "why" behind this.

Maybe we can even put it into a highlight box?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You must have a concrete idea in mind, could you push that onto by branch?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really, I just think that these two assets are essential for many and removing them/explaining why one cannot/should not set secrets in or environment in plugins is essential - especially if the same are still allowed in normal steps.

You are better at explaining the reasoning in detail behind all of this. Happy to rephrase wording afterwards.

  • Why (and how) could it alter plugin execution (Yes, I know there was a sec issue etc. but (many) users don't know)
  • Add that secrets are essentially == environment and therefore both must be removed
  • Explain why secrets defined as plugin settings are not harmful (this is actually still an open Q to me)

@6543
Copy link
Member Author

6543 commented Oct 2, 2024

image

@pat-s

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pat-s pat-s pat-s requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
documentation docu & docs enhancement improve existing features
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@6543 @woodpecker-bot @lafriks @pat-s