Not able to use secrets in toml file in deployed package

[jcechavarri]

Hello!

As described in the docs, I'm using the src/.steamship/secrets.toml file to store some secret variables, which worked fine until recently. However, today I noticed my newest version is not taking that files values into consideration.

If I run ship run local it takes all the variables on secrets.toml correctly, but if I run ship deploy or try to deploy via github actions, those values are not populated.

I'm guessing it has something to do with #553 #593 & #567

I noticed that the file is being read, but overwritten by the default value (""), as the secret_values are unpacked before (and overwritten) by the config values.

Also tried to remove the field from the config or setting the default value to None, but neither worked: error creating instance & requiring the value on creation, respectively.

Any help on how to address this? I find it weird that running the package locally works, but on deployed packages doesn't. @eob do you have any hint on what may I be doing wrong/may be wrong? Thanks!! 😃

[eob]

Hi @jcechavarri ,

Happy to try to help you with this.

Am I correct in understanding that:

• it was once working in the cloud (ship deploy) but no longer is
• the change that caused it to stop was in your project's code (as opposed to a different version of steamship's SDK?)

If you're deploying via GH Action, you will definitely need to make sure that the secrets.toml file is present.

When we develop internally, we make sure to:

• git ignore that file
• in our GH Action for deployment, we use GH Secrets to echo into that file on the fly before running ship deploy

If you want us to take a look at your account-specific data, feel free to send an email to developers@steamship.com with your user handle, package handle, etc and we can explore from there as well.

[jcechavarri]

Hello @eob ! Thanks for the quick reply

✅ It was earlier running in the cloud.
❔I think it is due to a change in the SDK, but not completely sure.

I’m creating the file on the fly through the github actions and hace it gitignored.

What makes me think it was a change in the SDK? I didn’t make any changes on my gh actions file. Also, running the package locally takes the secret variables correctly, but deploying locally (same secrets file) results in empty secrets (“”).

If you think this behavior is possible within the SDK, let me know and I will send the email happily. Thanks again!

[jcechavarri]

Just sent an email as suggested @eob.

However, what seems strange is this:

Running ship run local --no-ngrok loads and logs the secrets:

Deploying (ship deploy) that same package does not log the secrets correctly:

That behavior is the one that makes me think it is something related to the SDK.

[jcechavarri]

This was fixed in 2.17.34.

It was due to the change in the SDK which removed empty string values from the config. Now it is back on:

Closing this 😄