Currently the builds fail fast because they don't have a username to use with the password. They aren't encoded in the git url like with ssh types.
The username needs to be saved into the Secret service with the password so it can be retrieved in future builds. Otherwise the username will always need to be provided by the user.
But SSH repos keep the username with the rest of the uri. This is more information leak than desired.
--
This will require changes to the way we get/set secrets since we're assuming that we only use a single key value. This appears to be the default from the hashicorp_vault crate.
I think my choices are to make 2 calls to Vault, or to use serde to save a hashmap and have a single call to vault. The latter choice might scale better.
Currently the builds fail fast because they don't have a username to use with the password. They aren't encoded in the git url like with ssh types.
The username needs to be saved into the Secret service with the password so it can be retrieved in future builds. Otherwise the username will always need to be provided by the user.
But SSH repos keep the username with the rest of the uri. This is more information leak than desired.
-- This will require changes to the way we get/set secrets since we're assuming that we only use a single key
value. This appears to be the default from thehashicorp_vaultcrate.I think my choices are to make 2 calls to Vault, or to use serde to save a hashmap and have a single call to vault. The latter choice might scale better.