Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com

Tagged secrets aren't loaded #1940

Open mikenikles opened 3 months ago

mikenikles commented 3 months ago

Describe the bug

I have the following folder structure:

service1 requires all secrets stored in the service1 folder. It also requires some secrets from shared1 and some secrets from shared2. I added the shared tag to the secrets that are shared with service1.

To start service1, I use:

infisical run --path="/service1" --tags=shared -- node

This only imports the secrets from the service1 folder, but not any of the secrets tagged with shared.

To Reproduce

Steps to reproduce the behavior:

  1. Add a service1 folder at the root with a secret in it
  2. Add a shared1 folder at the root with two secrets in it. Tag one secret with shared.
  3. Add a shared2 folder at the root with two secrets in it. Tag one secret with shared.
  4. Run infisical run --path="/service1" --tags=shared -- node
  5. Notice that only one secret is available, the one from service1 and neither of the shared secrets.

Expected behavior

3 secrets are available.

Screenshots

N/A

Platform you are having the issue on: Mac

Additional context

This happens in project 3ffa4095-f4aa-4440-bfc0-fe6fa86f8493.

mikenikles commented 3 months ago

Oh hold on, TagSlugs is commented out here and for other functions for that matter. This happened a year ago though 🤔. Does nobody use tags or is it a user error on my side 😅?!

ngoyal16 commented 2 months ago

@mikenikles we are also facing the same issue.

mikenikles commented 2 months ago

I followed up with the team shortly after my last comment above and they said they'd work on this in the next sprint. Hoping that'll still happen because it's the only deal breaker at the moment for me.

mikenikles commented 1 month ago

The code moved in https://github.com/Infisical/infisical/commit/b2c62c4193910992631096a1a4182e0ad3929c98#diff-80ea578d96d66c6acf2cbe09f430e7efaa087341585e202b83a59030c3ef3f44L132.

The commented out code is now at https://github.com/Infisical/infisical/blob/main/cli/packages/util/secrets.go#L89

mikenikles commented 1 month ago

Here's a video walkthrough of my setup and what I see in the CLI.

https://github.com/user-attachments/assets/0814b171-2510-4b52-8609-9b8a8b55b3eb

maidul98 commented 1 month ago

Hey @mikenikles, this was removed because filtering used to happen on the client side. We'll need to add support for filtering with tags via the API so that it can be properly filtered by clients such as the CLI. We'll provide updates once that is added here.

mikenikles commented 1 month ago

Thanks for looking into that and providing an update.

I'll filter client-side for now as a workaround. If you have beta CLI releases let me know, happy to help test it once it's ready.
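A sketch of the client-side tag filtering mentioned above, as an added example that is not code from the Infisical project or from anyone in this thread. It assumes the secrets of every folder have already been fetched together with their tag slugs; the `Secret` type, `SelectForService`, and the sample keys and values are hypothetical. It reproduces the issue's expected result of 3 secrets and refuses to continue when a requested tag matches nothing, rather than starting a process with 0 secrets injected.

```go
package main

import (
	"fmt"
	"strings"
)

// Secret is a simplified, hypothetical record, not the Infisical CLI's type.
type Secret struct {
	Key, Value, Path string
	TagSlugs         []string
}

// SelectForService returns the secrets in path plus other folders' secrets with
// a wanted tag slug; it errors if tags were given but matched nothing.
func SelectForService(all []Secret, path, tags string) (map[string]string, error) {
	want := map[string]bool{}
	for _, t := range strings.Split(tags, ",") {
		want[strings.TrimSpace(t)] = true
	}
	delete(want, "")
	env, tagged := map[string]string{}, 0
	for _, s := range all {
		keep := s.Path == path
		for _, slug := range s.TagSlugs {
			if !keep && want[slug] {
				keep, tagged = true, tagged+1
			}
		}
		if keep {
			env[s.Key] = s.Value
		}
	}
	if len(want) > 0 && tagged == 0 {
		return nil, fmt.Errorf("no secret outside %s matched tags %q", path, tags)
	}
	return env, nil
}

func main() {
	all := []Secret{ // constructed data mirroring the issue's reproduction steps
		{"SERVICE1_ONE", "s1", "/service1", nil},
		{"SHARED_ONE", "a", "/shared1", []string{"shared"}},
		{"NOT_SHARED_ONE", "b", "/shared1", nil},
		{"SHARED_TWO", "c", "/shared2", []string{"shared"}},
		{"NOT_SHARED_TWO", "d", "/shared2", nil},
	}
	env, err := SelectForService(all, "/service1", "shared")
	fmt.Println(len(env), err)
}
```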

maidul98 commented 1 month ago

Once this PR is released @mikenikles, your issue should be addressed: https://github.com/Infisical/infisical/pull/2242

akhilmhdh commented 1 month ago

@mikenikles Imported secrets cannot be filtered by tags at the moment. The above PR will tag all the secrets in a path though.

mikenikles commented 1 month ago

Awesome, thanks guys for your help. I'll keep an eye on the next release and will report back once I've had a chance to test it.

mikenikles commented 2 weeks ago

Is there potentially a backend change that needs to be rolled out besides the CLI version 0.28.5?

The results I see with 0.28.5 are the same as before where the --tags CLI flag didn't work.

platform on  main [!]
❯ infisical -v
infisical version 0.28.5

platform on  main [!]
❯ infisical --log-level info run --path="/platform/packages/website" --tags="shared" -- node -e "console.log(process.env.SHARED_ONE); console.log(process.env.WEBSITE_ONE); console.log(process.env.WEBSITE_TWO); console.log(process.env.NOT_SHARED_TWO)"
4:59PM INF Injecting 0 Infisical secrets into your application process
undefined
undefined
undefined
undefined

platform on  main [!]
❯ infisical --log-level info run --tags="shared" -- node -e "console.log(process.env.SHARED_ONE); console.log(process.env.WEBSITE_ONE); console.log(process.env.WEBSITE_TWO); console.log(process.env.NOT_SHARED_TWO)"
4:59PM INF Injecting 0 Infisical secrets into your application process
undefined
undefined
undefined
undefined

platform on  main [!]
❯ infisical --log-level info run --path="/platform/packages/website" -- node -e "console.log(process.env.SHARED_ONE); console.log(process.env.WEBSITE_ONE); console.log(process.env.WEBSITE_TWO); console.log(process.env.NOT_SHARED_TWO)"
4:59PM INF Injecting 2 Infisical secrets into your application process
undefined
W1
W2
undefined

Any command that includes --tags results in 0 secrets injected.

akhilmhdh commented 2 weeks ago

Yes, you also need to update the backend.

mikenikles commented 2 weeks ago

Oh, I use app.infisical.com :). I was wondering if the backend change is already deployed in the Infisical prod environment.

mikenikles commented 1 week ago

I tested again with the v0.30.0 CLI release, but any command that includes --tags="..." still injects 0 secrets. Are you guys able to reproduce the issue based on my video and see the correct secrets injected?