Ok, sequence of events as I remember them …
I saved a project version and clicked “publish” in the timeline. All was good.
In my mind this now meant I had a published live version and a dev version in my IDE. Is that correct?
I renamed the project in my IDE and made a couple of cosmetic changes, but I did not publish this version.
I refreshed my browser tab that was running the published version, logged back in, but when I tried to do anything (that involved retrieving a secret) I got an error box (bottom right) saying something like “Your secrets have been cleared.”
I then panicked as the app is live with a customer and re-entered them all, but the live app then gave an error along the lines of “Your secrets may have been tampered with”. I had to publish the current dev version for the newly re-entered secrets to be valid again.
Please could you clarify for me (and others, I’m sure) what actions will affect things like secrets, and probably more importantly encryption keys (secrets I can remember, whereas I auto-generate the encryption keys and replacing those ad-hoc could be a pain).
2 Likes
Hi David,
Yikes! This is not designed behaviour – definitely a bug report. The behaviour you were expecting is correct. We have taken a look through the Secrets service, and identified one error that might be causing these symptoms (although you’ll be pleased to know that it does not cause data loss – it would not have allowed you to encrypt any data with an affected encryption key). The fix to this error is being rolled out tonight.
To help us narrow down this issue (to make sure that the error we’ve fixed is the error you experienced), could you give us a bit more detail about your app?
-
Were you using any dependencies in your app? Were the secrets in the app or the dependency?
-
Had you just created these secrets, moments earlier in your session, or had they been there for a while?
-
If you attempt to retrieve or export these secrets, does it work or print an error?
If you can find a way to reproduce this error reliably (ideally without using a customer-facing app!), then we would be very grateful.
[Moved to Bug Reports, obviously]
I’ll have a go at reproducing it tomorrow, but in the mean time -
- no dependencies
- secrets had been there for a while
- trying to view the empty secrets didn’t show anything nor did I get an email
This app was a clone of another, and I can’t remember if the secrets were carried over from the cloned service or not. So the app would have been renamed twice (once after cloning which was a few days ago to allow me to add a new custom domain but probably before I published it, and once today purely so the browser tab title changed).
Ahh! Cloning an app clears its secrets - or rather, it clears the per-app encryption key that is used to encrypt your secrets. This is what causes the “your secrets have been cleared” message.
However, when you reset one of your secrets, you generated a new encryption key for your app. This will have worked fine for the secret you just reset, but all your other secrets are now mismatched, and will show that weird error about tampering.
So, the bottom line is that when you clone an app, you need to reset all its secrets.
If you want to keep secrets in common between multiple apps, use dependencies! You can have a dependency app with secrets in, and all apps that use that dependency can access its secrets.
(Yes, we will fix the clone process to display those secrets as “empty” rather than having weird errors at runtime :P)
1 Like
Thanks for clarifying.
Is it the same for encryption keys?
Yes. If you want to use the same encryption keys in multiple apps, I suggest getting them from a dependency.
(In fact, given that you appear to be developing a multi-tenant app and cloning it for each customer, what I would probably recommend is a to have a single instance of your app itself, and then have a very thin wrapper for each company, which uses that single instance as a dependency and merely sets up customer-specific state before open_form()ing a page from your common app. Multi-domain apps are on our medium-to-long-term roadmap…)
That was always my intention - this project was supposed to be stand alone but got split up into multiple clients unexpectedly.
So - just to be clear, this had nothing to do with me renaming the project?
Confirmed. Nothing to do with renaming!
1 Like