Other Vercel Integrations getting overwritten by Infisical

[Makisuo]

Describe the bug

When Infisical is updated, it deletes all environment variables for a different integration I use (sentry)

To Reproduce

Steps to reproduce the behavior:

1. Add Sentry Integration to Project
2. Everything should be there
3. Add Infisical Integration
4. Sentry Enviornment Variables are gone

Expected behavior

Shouldnt overried them

Platform you are having the issue on:

Vercel

[vmatsiiako]

Right, this is a very valid use case! @dangtony98 was looking into this some time ago

Thank you for flagging :)

[polypixeldev]

I've just encountered the same issue.

[dangtony98]

Hey @polypixeldev @Makisuo!

I've added this to our roadmap as sync prioritization/behavior (will likely get to it in April). The idea is we'll give users the ability to select which type of sync behavior you want such as:

• Overwriting everything in the integration in favor of the environment variables in Infisical.
• Overwriting everything in Infisical in favor of the environment variables currently in the integration.
• Replacing environment variables in the integration with updated values in Infisical without deleting other variables.

...

This is still an early train of thought but we'll have this fleshed-out in the coming month.

[polypixeldev]

Is this still being worked on?

[sheensantoscapadngan]

I can work on this one @dangtony98

[sheensantoscapadngan]

@vmatsiiako

[delavegar25]

hi, is this still being worked on ?

[nealchandra]

+1, this is quite frustrating. Other integrations often completely automate the setting of their relevant env vars, overriding them essentially creates a bunch of work to transcribe these values to Infisical by hand and increases the likelihood of misconfiguration.

I don't think this fix needs the fine-grained controls discussed above -- as a starting point simply not unsetting env vars that are already set in Vercel and not referenced in Infisical would be significantly preferable to the current behavior of silently nuking them.

[maidul98]

@nealchandra I think the current approach tries to keep Infisical as a single source of truth. This is why it attempts to create a one to one mapping of secrets in Infisical (this can mean deleting ones that do not exist in the thrid party service).

It sounds like you would instead like to sync secrets over to the thrid party service by: update them if they exist, create them if they don't exist and leave eveything else as is? @Makisuo Would you also agree with this flow?

[nealchandra]

@maidul98 Thanks for the reply. Yep that's right -- while I can see the intent behind trying to make Infisical the single source of truth, in practice I think that is doing more harm than good. In reality I think there are always going to be times where it may be desirable to manually set a var or merge the Infisical settings with external ones (i.e. other integrations). There are simply too many utilities and workflows on platforms like Vercel and not all of them will support easy integration with Infisical.

The other reason I'd prefer this approach is because as the user I would still have control to either not use the other integration, manually unset the variables and define them in Infisical, or to allow management of them outside of Infisical. With the current behavior, I have no control at all.

[Makisuo]

Hey, yes that sounds like a good solution and would work for me.

Later on, imo it would be nice to have the option to choose between overwriting or just writing if they don't exist. But it's not nesscaryl a requirement right now, for me at least.

[knd775]

This is a big problem that needs to be warned about when adding the integration. It blew up our application.