Drone6+ secret mapping error message

garadox · April 11, 2018, 1:38pm

Think I found a bug in handling mis-mapped secrets with drone6+. Consider the following syntax:

my-task:
image: docker.com/foo/bar:latest
secrets:
- source: my_secret
- target: secret_var

Accidentally adding the second dash means we’re declaring a target without a source. When the build runs, you get the following error: Error response from daemon: invalid environment variable: =ACTUAL_SECRET_VALUE

Can the mapping be updated to return a better error when you declare a target without a source, and also not leak the secret value?

bradrydzewski · April 11, 2018, 3:58pm

We have a linter that can catch these sort of issues, if you would like to send a pull request: https://github.com/drone/drone-yaml-v1/blob/master/config/linter/check.go

meinenec · February 7, 2019, 8:59pm

I just ran into the same issue and came across this older topic.
Seems like Drone shouldn’t print out misconfigured secrets by default.

Is this linter automatically called before a build is ran or is this something a user would run?

bradrydzewski · February 7, 2019, 9:57pm

this thread describes behavior in legacy Drone 0.6 and we are now on Drone 1.0 which masks secrets in the build logs.