It seems secrets can only be set for an entire app and all machines that belong to it.
However, I am interested in letting users run code as described in “Run User Code on Fly Machines” in the documentation. However, it seems that this would mean users have access to all secrets?
Does anyone know how to manage secrets with apps that will also use machines to run user code?
If you’re using the Machines API directly, you should be able to accomplish this by using the processes field on the config. There are two specific fields, ignore_app_secrets and secrets, that should provide the needed functionality, wherein if you set ignore_app_secrets to false and explicitly define which secrets you want exposed to the process, all other app secrets are omitted.
We rely on this feature/function for our FKS product.
Yeah, it was the original behavior when we first introduced the processes feature, and we didn’t want to cause a breaking behavioral change when we added support for per-process secrets.
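A pre-deploy check for the per-process secrets setup discussed in this thread, as an added example that is not code from any poster or from Fly.io: it walks a machine config and flags any user-code process that would still inherit every app secret. Assumptions: processes is a list of objects, each secrets entry has env_var and optionally name, only an explicit ignore_app_secrets value of true (as the field name indicates) suppresses app-wide secrets, and the "/sandbox/" command prefix is a hypothetical convention for marking untrusted processes.

```python
"""Audit a Machines config for processes that inherit every app secret."""

# Constructed sample config (not from the thread). The image name and commands
# are placeholders; the field shapes are assumptions about the Machines API.
SAMPLE_CONFIG = {
    "image": "registry.example/runner:latest",
    "processes": [
        {"cmd": ["/app/server"]},  # trusted: may inherit all app secrets
        {   # untrusted user code, scoped to one explicitly listed secret
            "cmd": ["/sandbox/run-user-code"],
            "ignore_app_secrets": True,
            "secrets": [{"env_var": "USER_API_TOKEN", "name": "USER_API_TOKEN"}],
        },
        {   # untrusted, secrets listed but the flag was forgotten
            "cmd": ["/sandbox/run-user-code", "--job", "2"],
            "secrets": [{"env_var": "USER_API_TOKEN"}],
        },
    ],
}


def audit_process_secrets(config, untrusted_prefix="/sandbox/"):
    """Return one finding per process: its secret exposure and any violation."""
    findings = []
    for idx, proc in enumerate(config.get("processes", [])):
        cmd = proc.get("cmd") or proc.get("entrypoint") or []
        # Hypothetical convention: untrusted code lives under untrusted_prefix.
        untrusted = bool(cmd) and cmd[0].startswith(untrusted_prefix)
        # Assumption: only an explicit True suppresses app-wide secrets.
        ignores_app = proc.get("ignore_app_secrets") is True
        explicit = [s.get("env_var") or s.get("name")
                    for s in proc.get("secrets", [])]
        findings.append({
            "index": idx,
            "cmd": cmd,
            "exposure": "explicit-only" if ignores_app else "all-app-secrets",
            "explicit_secrets": explicit,
            # A listed secret does not help if app secrets are still injected.
            "violation": untrusted and not ignores_app,
        })
    return findings


if __name__ == "__main__":
    for f in audit_process_secrets(SAMPLE_CONFIG):
        status = "FAIL" if f["violation"] else "ok"
        print(f"[{status}] process {f['index']} {f['cmd']}: "
              f"{f['exposure']} {f['explicit_secrets']}")
```

Run against the constructed sample, the third process fails the check; confirm the flag semantics against the Machines API reference before relying on the result.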