Skip to content

Order of paths injected to phase run #528

New issue
New issue
Open
Open
Order of paths injected to phase run#528
Labels
enhancementNew feature or request
@sgohl

Description

@sgohl
sgohl
opened on Apr 2, 2025

Is your feature request related to a problem?

When supplying --path "", it's not clear in which order all secrets and possible folders are imported into the environment. After some testing I found out, the order seems to be by last changed

Describe the solution you'd like

I need the secrets exported in the exact order I provide the paths:

phase run --app myapp --env staging --path "/ folder1 folder2"

Background: I want to use overrides for a specific environment using folders.
For example, a key named FOO in the root path of the staging environment should be overwritten by creating the same key name FOO with an alternate value in a folder.
This will work until the secret in the root path gets changed, then the root key is the winning secret.
The point behind this is: The root path and folders are going to be used together in one app, not dedicated.
Additional Environments would not solve this problem as they also should have their folders for overwrites.

Describe alternatives you've considered

I started making this possible with a for-loop that pulls the given path order and output into an .env file

    ( for PHASE_PATH in ${PHASE_PATHS}
    do
        phase secrets export --app ${PHASE_APP} --env ${PHASE_ENV} --path ${PHASE_PATH}
    done ) > /app/.env

Problem is, shell and php are very strict regarding key names. A typo in a key, lets say a key has a dash or dot in it, will cause the application to fail starting. phase run does not cause problems and just exports the key name as is without problems.

I tried the same for-loop with phase run

for PHASE_PATH in ${PHASE_PATHS}
do
 phase run --app ${PHASE_APP} --env ${PHASE_ENV} --path ${PHASE_PATH} 
done

But the second run seem to reset and empty the previous environment completely:

[10:13:07] 🚀 Injected 224 secrets from Application: up_core, Environment: Development                                                                          run.py:77
                                                                                                                                                                         
[10:13:07] 🚀 Injected 0 secrets from Application: , Environment: , Path: folder1                                                                                 run.py:75

Even run in the same shell, the environment variables only persist as long as phase run is running.
you can't do

phase run  && printenv

It seems by design but I wonder whether there's a trick around this

Note: https://docs.phase.dev/console/secrets#override-a-secret-personal-secrets does not solve my problem

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions