Skip to content

Don't commit credentials.yaml in gh sync#1420

Merged
josephjclark merged 7 commits into
mainfrom
secure-credentials-yaml
May 22, 2026
Merged

Don't commit credentials.yaml in gh sync#1420
josephjclark merged 7 commits into
mainfrom
secure-credentials-yaml

Conversation

@josephjclark
Copy link
Copy Markdown
Collaborator

@josephjclark josephjclark commented May 21, 2026
edited
Loading

Short Description

This PR ensures that the v2 sync proxy used by GH sync does NOT generate a credentials.yaml file.

Users are free to use this of course, but it should not be checked in to GH by default

Fixes #1419

A lot of the work here has been in updating the pull and deploy tests so I can cover credentials.yaml usage

QA Notes

Needs testing against prod one relesaed

AI Usage

Please disclose whether you've used AI anywhere in this PR (it's cool, we just
want to know!):

  • I have used Claude Code
  • I have used another model
  • I have not used AI

You can read more details in our
Responsible AI Policy

@github-project-automation github-project-automation Bot moved this to New Issues in Core May 21, 2026
@josephjclark josephjclark changed the title Secure credentials yaml Don't commit credentials.yaml in gh sync May 21, 2026
@josephjclark
Copy link
Copy Markdown
Collaborator Author

josephjclark commented May 21, 2026

Weird test fails here making me nervous. I'll pick this up in the morning with a clear head.

josephjclark
josephjclark commented May 22, 2026
View reviewed changes
Comment thread packages/cli/src/pull/handler.ts Outdated
project: options.projectId,
force: true,
endpoint: config.endpoint,
apiKey: config.apiKey,
Copy link
Copy Markdown
Collaborator Author

@josephjclark josephjclark May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand why I had to add this (it hasn't worked anyway), but I'm also a bit surprised it wasn't there any way. I guess GH sync uses an env var so its not really needed.

But I think I want to leave it in

@josephjclark
Copy link
Copy Markdown
Collaborator Author

josephjclark commented May 22, 2026

Ok, works great pulling and pushing to staging.openfn.org using the v1 commands and an openfn.yaml file. Confident that this small change is very safe.

@josephjclark josephjclark merged commit 76ad967 into main May 22, 2026
7 checks passed
@josephjclark josephjclark deleted the secure-credentials-yaml branch May 22, 2026 14:48
@github-project-automation github-project-automation Bot moved this from New Issues to Done in Core May 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Core
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CLI: make credentials.yaml safer

2 participants

@josephjclark @taylordowns2000