Skip to content

Build-time Secrets Injection #795

New issue
New issue
Open
Open
Build-time Secrets Injection#795
Assignees
bcpeinhardt
@evgeniy-scherbina

Description

@evgeniy-scherbina
evgeniy-scherbina
opened on Jul 22, 2025
Image

The build-time secrets injection flow:

  1. In provisiondserver in acquireJob function - retrieve secrets from the DB.
  2. Extend AcquiredJob.provisioner.Metadata proto declaration with secrets.
  3. Set retrieved secrets as AcquiredJob.provisioner.Metadata.
  4. In provisioner/terraform update provisionEnv function to expose AcquiredJob.provisioner.Metadata Secrets as environment variables.
  5. Later this environment variables will be read by data sources in terraform-provider-coder.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions