529645194e
A new `Secret` property value is introduced, and plumbed across the engine. - When Unmarshalling properties /from/ RPC calls, we instruct the marshaller to retain secrets, since we now understand them in the rest of the engine. - When Marshalling properties /to/ RPC calls, we use or tracked data to understand if the other side of the connection can accept secrets. If they can, we marshall them in a similar manner to assets where we have a special object with a signiture specific for secrets and an underlying value (which is the /plaintext/ value). In cases where the other end of the connection does not understand secrets, we just drop the metadata and marshal the underlying value as we normally would. - Any secrets that are passed across the engine events boundary are presently passed as just `[secret]`. - When persisting secret values as part of a deployment, we use a rich object so that we can track the value is a secret, but right now the underlying value is not actually encrypted. |
||
---|---|---|
.. | ||
apitype | ||
backend | ||
diag | ||
encoding | ||
engine | ||
graph | ||
operations | ||
resource | ||
testing | ||
tokens | ||
tools | ||
util | ||
version | ||
workspace |