529645194e
A new `Secret` property value is introduced, and plumbed across the engine. - When Unmarshalling properties /from/ RPC calls, we instruct the marshaller to retain secrets, since we now understand them in the rest of the engine. - When Marshalling properties /to/ RPC calls, we use or tracked data to understand if the other side of the connection can accept secrets. If they can, we marshall them in a similar manner to assets where we have a special object with a signiture specific for secrets and an underlying value (which is the /plaintext/ value). In cases where the other end of the connection does not understand secrets, we just drop the metadata and marshal the underlying value as we normally would. - Any secrets that are passed across the engine events boundary are presently passed as just `[secret]`. - When persisting secret values as part of a deployment, we use a rich object so that we can track the value is a secret, but right now the underlying value is not actually encrypted. |
||
---|---|---|
.. | ||
deploytest | ||
providers | ||
builtins.go | ||
plan.go | ||
plan_executor.go | ||
plan_test.go | ||
snapshot.go | ||
source.go | ||
source_error.go | ||
source_eval.go | ||
source_eval_test.go | ||
source_fixed.go | ||
source_null.go | ||
source_query.go | ||
source_query_test.go | ||
step.go | ||
step_executor.go | ||
step_generator.go | ||
target.go |