Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com

Bitbucket integration deletes existing secrets without prompting #807

Open Radiergummi opened 11 months ago

Radiergummi commented 11 months ago

Describe the bug

When connecting a repository on Bitbucket to an Infisical project, any existing secrets will be deleted -- even those not defined in Infisical. I would have expected to be prompted about this at least; deleting secrets is a permanent action on Bitbucket, and from the way the integration wizard works, it wasn't immediately clear configuring the connection is a destructive action.

To Reproduce

Steps to reproduce the behaviour:

  1. Configure a repository secret FOO on Bitbucket
  2. Configure a project secret BAR on Infisical
  3. Connect the project to the repository
  4. Witness FOO being gone from Bitbucket

Expected behavior

Either a confirmation prompt along the lines of "There are {count} existing secrets configured for your Bitbucket repository {name}. They will be deleted if you continue.", or no changes to existing secrets not defined in Infisical.

dangtony98 commented 11 months ago

Hey @Radiergummi!

This is indeed how all the integrations in Infisical currently work (with the intention of Infisical being the ground source of truth for all secrets in a sync) and there are a few issues on this behavior open.

In the near future, we'll definitely be adding either better notices or options for users to select which sync behavior they want (e.g. override all existing secrets or not, etc.)

Radiergummi commented 11 months ago

Ah, I wasn't aware of that -- sorry for not searching properly. I'm looking forward to configurable merging, even though I probably would be happy with a note in the docs or on the integration setup screen already.
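
The two sync behaviours discussed in this thread, sketched as an added example (not Infisical's code and not written by either commenter): a dry-run planner that lists which destination secrets a sync would delete, and an apply step that refuses a destructive plan without confirmation. The mode names `overwrite` and `merge`, all function names, and the in-memory dict standing in for the repository's variables are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MODES = ("overwrite", "merge")  # hypothetical names for the two behaviours

@dataclass
class SyncPlan:
    create: list[str]     # only in the source project
    overwrite: list[str]  # in both; destination value gets replaced
    delete: list[str]     # only in the destination, removed in "overwrite" mode
    keep: list[str]       # only in the destination, left alone in "merge" mode

def plan_sync(source: dict[str, str], destination_keys: set[str],
              mode: str = "overwrite") -> SyncPlan:
    """Dry run: compares key names only and changes nothing."""
    if mode not in MODES:
        raise ValueError(f"unknown sync mode: {mode!r}")
    src = set(source)
    unmanaged = sorted(destination_keys - src)
    return SyncPlan(
        create=sorted(src - destination_keys),
        overwrite=sorted(src & destination_keys),
        delete=unmanaged if mode == "overwrite" else [],
        keep=unmanaged if mode == "merge" else [],
    )

def deletion_warning(plan: SyncPlan, repo: str) -> Optional[str]:
    """Prompt text modelled on the wording proposed in the issue."""
    if not plan.delete:
        return None
    return (f"There are {len(plan.delete)} existing secrets configured for your "
            f"Bitbucket repository {repo}. They will be deleted if you continue.")

def apply_plan(plan: SyncPlan, source: dict[str, str],
               destination: dict[str, str], confirmed: bool = False) -> None:
    """Apply to an in-memory dict standing in for the repository's variables."""
    if plan.delete and not confirmed:
        raise PermissionError("destructive sync requires explicit confirmation")
    for key in plan.delete:
        del destination[key]
    for key in plan.create + plan.overwrite:
        destination[key] = source[key]

if __name__ == "__main__":
    repo_vars = {"FOO": "constructed-value"}  # constructed sample data
    project = {"BAR": "constructed-value"}
    plan = plan_sync(project, set(repo_vars), mode="overwrite")
    print(deletion_warning(plan, "demo-repo"))
```
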