millions-train-9113911/26/2023, 8:16 PM
field, but it seem unused, is there a reason for it? I think it could be great to save the stack config in the same file so that
will also import the configuration.
stack export / import
echoing-dinner-1953111/27/2023, 9:18 AM
millions-train-9113912/04/2023, 12:06 PM
echoing-dinner-1953112/04/2023, 12:50 PM
millions-train-9113912/04/2023, 12:54 PM
dictate the source of the passphrase?
TBH, I'm not even so sure how much passphrase rotation is really used in automated systems to care about breaking it.
echoing-dinner-1953112/04/2023, 12:56 PM
millions-train-9113912/04/2023, 1:02 PM
being decoupled from
(retrieved from history on
) but being encrypted by a secret provider stored in the state.
Seems like lots of things can go wrong here, since obviously config + state updates are not atomic.
file, which now has an empty config section
echoing-dinner-1953112/04/2023, 2:21 PM
I also think that the reason there are not many issues around this, is due to the fact this is mostly unused.Maybe, but might just be that most are just using this and it works fine. It's hard to tell given we don't have telemetry, so we have to generally be cautious.
Seems like lots of things can go wrong here, since obviously config + state updates are not atomic.Well this is why I said config secrets provider should take priority. config can change without a state update, but at least every state update would then consistently be using the provider set by config.
I think that probably the majority of users will not store secrets in configNah this is a bad assumption. Lots of users store secrets in config.
bit connected to my question about, should the last used config for some update should be storedMaybe... I need to look into this more. It is a bit of a confusing system that's grown over the years trying to keep compatibility with what already exists.