rubenf
rubenf2y ago

CLI now supports ` plain secrets` for

CLI now supports --plain-secrets for both pull and push to handle them as plain instead of being encrypted by the workspace key.
5 Replies
Alper
Alper15mo ago
i found a potential bug. when i pull the workspace via wmill sync pull my variables that have is_secret enabled show their value in plain text MONGODB_PASS.variable.yaml 
account: null
description: ''
value: <THE_REAL_PLAIN_PASSWORD>
is_expired: false
is_oauth: false
is_secret: true
account: null
description: ''
value: <THE_REAL_PLAIN_PASSWORD>
is_expired: false
is_oauth: false
is_secret: true
rubenf
rubenfOP15mo ago
ah yes definitely a bug ... I can't reproduce though would you be able to share more reproduction steps?
Alper
Alper15mo ago
not sure what's specific about my setup. * self-hosted windmill on my own vps via official docker-compose * happens with fresh and subsequent pull commands from my local machine (manjaro linux) * happens with and without --raw flag would it help if i create a token for you so that you can pull from my instance? the secrets are compromised already so i have to change them anyway same for my openai resource btw, the key is written in plaintext
rubenf
rubenfOP15mo ago
I can always try and see if I can reproduce
Alper
Alper15mo ago
sending you credentials by DM