What is the expected behavior of ftl secret set --op --json ? #1494

Closed
mistermoe opened this issue May 15, 2024 · 3 comments
@mistermoe
Collaborator

per a discussion in a prior issue: #1295 (comment)

Actually thinking about it a bit more now, it may make more sense to store everything related to a given vendor in a single secret that is a json object. thinking back to using AWS Secrets Manager and that's actually how it's done: reference in which case Map as it is works totally fine.

I was hoping to move to ^ approach for secrets in our project. for local development our secrets are stored in 1password. A given secret in 1password would be set up like so:

image

attempting to add the secret to ftl led to the following:

```
❯ echo -n op://json-test/secret | ftl secret set json_test --op --json
ftl: error: secret is not valid JSON: invalid character 'o' looking for beginning of value
```

TBH, ^ was 50% expected as the --json flag when used with the --inline provider is expecting the actual secret provided to be json. with --op however (and i suppose --keychain as well) there's 1 additional level of indirection.

What i'm hoping to be able to do is something like the following and have it work regardless of the underlying secret provider that's being used (aws secrets manager in prod, op or keychain locally etc.):

```go
package adminbff

import (
	"context"
	"fmt"

	"github.com/TBD54566975/ftl/go-runtime/ftl" // Import the FTL SDK.
)

type RandoVendorSecret struct {
	Hi string
}

type RandoVendorClient struct {
	ApiKey string
}

func (c *RandoVendorClient) doSomething() {}

var randoVendorClient = ftl.Map(ftl.Secret[RandoVendorSecret]("json_test"), func(ctx context.Context, sec RandoVendorSecret) (RandoVendorClient, error) {
	fmt.Println(sec)

	return RandoVendorClient{ApiKey: sec.Hi}, nil
})

type EchoRequest struct {
	Name ftl.Option[string] `json:"name"`
}

type EchoResponse struct {
	Message string `json:"message"`
}

//ftl:verb
func Echo(ctx context.Context, req EchoRequest) (EchoResponse, error) {
	client := randoVendorClient.Get(ctx)
	client.doSomething()
	return EchoResponse{Message: fmt.Sprintf("Hello, %s!", req.Name.Default("anonymous"))}, nil
}
```

Strongly typing the secret as described here: #1295 (comment) would be awesome
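
The indirection described in this issue, as an added Go example that is not part of the original thread and is not FTL's own code: JSON-validating the `op://` reference string itself reproduces the error shown above, while resolving the reference first and decoding the resolved value succeeds. `resolve`, `decodeJSON`, `loadSecret` and the `fakeVault` contents are hypothetical stand-ins for a reference-based provider.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// RandoVendorSecret mirrors the struct from the issue.
type RandoVendorSecret struct{ Hi string }

// fakeVault is constructed sample data standing in for a reference-based provider.
var fakeVault = map[string]string{"op://json-test/secret": `{"Hi":"constructed-value"}`}

// resolve dereferences op:// references; inline values pass through unchanged.
func resolve(input string) (string, error) {
	if !strings.HasPrefix(input, "op://") {
		return input, nil
	}
	v, ok := fakeVault[input]
	if !ok {
		return "", fmt.Errorf("reference %q not found", input)
	}
	return v, nil
}

// decodeJSON decodes s into out, wrapping failures like the error in the issue.
func decodeJSON(s string, out interface{}) error {
	if err := json.Unmarshal([]byte(s), out); err != nil {
		return fmt.Errorf("secret is not valid JSON: %w", err)
	}
	return nil
}

// loadSecret resolves the reference first, then decodes the resolved value.
func loadSecret(input string) (RandoVendorSecret, error) {
	var sec RandoVendorSecret
	raw, err := resolve(input)
	if err != nil {
		return sec, err
	}
	err = decodeJSON(raw, &sec)
	return sec, err
}

func main() {
	// Validating the reference string itself fails on the leading 'o'.
	fmt.Println(decodeJSON("op://json-test/secret", new(interface{})))
	_, err := loadSecret("op://json-test/secret")
	fmt.Println("resolve then decode, err =", err) // the secret value is not printed
}
```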

@github-actions github-actions bot added the triage Issue needs triaging label May 15, 2024
@alecthomas
Collaborator

I think if you just put JSON into 1Password it should work, at least that is the idea. Have you tried that?

@alecthomas
Collaborator

Oh haha I didn't see the screenshot 😂

@alecthomas
Collaborator

Closing in favour of #1498 which defines a solution
