Secret changes don't trigger rolling machine restarts automatically

Hi all!

We’re looking into an issue involving our sync at Doppler. We updated our sync to work with machines for the new V2 platform. Currently, this works by updating the secrets via the GraphQL API and then using the Machines API to perform a no-op update on each machine to trigger a restart so they pick up the new secrets. The problem is related to the fact that seems to push all the deployment/restart logic to the client-side from what I can see looking at the CLI source.

Is there some higher level API we could use to trigger whatever deployment process the user has selected in a way that won’t cause some downtime (as triggering a restart of all running machines does)? Ideally, this would all be handled automatically on’s side when the secrets change, but barring that, some endpoint that could be hit that triggers a machine restart using the customer-selected method would work best. Our syncs aren’t really designed to implement longer lived deployment/rolling-restart logic, so having to worry about this on our end is kind of problematic.

Would love to hear if there’s already some endpoint I’m unaware of or a better way of ensuring machines pick up modified secrets!


Hi @watsonian, we don’t have any endpoints available to do what you’re asking as we’re intentionally putting the logic in the CLI. If Doppler doesn’t have access to the App fly.toml, you would need to retrieve it using the GraphQL API and then use it to run a no-op deploy using the CLI (fly deploy --auto-confirm=true). There is a detached flag as well but I wouldn’t recommend it since an errors incurred would not be shown to the user.

Unfortunately, that’s a bit of a non-starter for us. I suppose the only option will be to add a flag for the sync to completely disable machine restarts and the user will have to do that manually. I do find the decision to put all of this logic in the CLI a bit bewildering. I hope you decide to revisit that decision at some point and provide API endpoints for doing deploys like this.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.