-
-
Notifications
You must be signed in to change notification settings - Fork 363
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify usage of secrets in docs #4099
base: main
Are you sure you want to change the base?
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the follow-up to my previous comment.
Besides the inline comments (which should be ported to the 2.7 docs if accepted), I am still missing a section which explains in detail:
- why
environment:
has been removed from all plugins (and starting with which version) - how using secrets via a plugin setting option is different/more secure
imho droping |
we depricated them and we could at least remove them from the docs ... |
@6543 Do you still plan to address the points in my last review comment? |
Well as they are blocking yes ... when i have time |
docs/docs/20-usage/40-secrets.md
Outdated
@@ -48,6 +48,7 @@ This way, the secret key and environment variable name can differ. | |||
### Using secrets in plugins-steps via "settings:" | |||
|
|||
The `from_secret` syntax also work for settings in any hierarchy. | |||
Note that you can not use `secrets` and also not use it with `environment`, as this could alter the execution of plugins and so it is forbidden by the linter now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for taking a stab. However, I think we should expand on this and add more content. This is a very important point for users to understand the "why" behind this.
Maybe we can even put it into a highlight box?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You must have a concrete idea in mind, could you push that onto by branch?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not really, I just think that these two assets are essential for many and removing them/explaining why one cannot/should not set secrets in or environment in plugins is essential - especially if the same are still allowed in normal steps.
You are better at explaining the reasoning in detail behind all of this. Happy to rephrase wording afterwards.
- Why (and how) could it alter plugin execution (Yes, I know there was a sec issue etc. but (many) users don't know)
- Add that secrets are essentially == environment and therefore both must be removed
- Explain why secrets defined as plugin settings are not harmful (this is actually still an open Q to me)
as per #4096 (comment)