Hi,
When querying for secrets with the API, the user cannot see the plain-text value, only a digest.
Is the digest algorithm public so users can determine if a secret changed without updating it and seeing if the digest changes?
A side question: If I update a secret with the same value, will that trigger a deploy?
Thanks,
Yes! That’s exactly what the digest is for. It’s also for us to determine if a secret changes.
If you update a secret with the same value, it’s a noop. We detect that and don’t restart the VMs.
I now realize I did not express myself correctly. My question was:
Is the algorithm to compute the digest public, so that I can compute it on my side, and avoid doing the request to update a secret to the same value.
Although if it is a noop there is less value in doing so.
Ah, yes. It’s just an md5, this is the exact Ruby we use:
digest = Digest::MD5.hexdigest(val)
You are free to compute your own digests. This is something that could change in the future, though I don’t know why we would.
Thanks a lot!