This repository has been archived by the owner on Dec 15, 2020. It is now read-only.

explore options for dealing with non-secret input values #44

Closed
mattsb42-aws opened this issue May 15, 2019 · 1 comment

mattsb42-aws commented May 15, 2019

Currently, all resources in the input stack are created with placeholder values and the deployer tool populates them with the actual values.

This is useful as a way of identifying whether a stack has been updated, but the naive update behavior with this model would result in the input values being reset. This is probably not what we want.

One option would be to read the values before updating the inputs stack and re-overwrite them afterwards.

This creates the potential issue of what happens if something tries to read those values during this gap.

I'm also not sure how Secrets Manager will react to an update: will it attempt to decrypt the value to check it against the provided value to know if this is an update or will it simply override always? Or something else?

Another option would be to add the non-secret values as parameters to the inputs stack. This would make stack updates simpler, but would require stack updates if we want to change the non-secret values in a sane way. It also does not address the issue of secret values.
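
The read-then-re-overwrite option and the gap it opens, sketched as an added example that is not part of the issue or the project's code. The store is an in-memory stand-in, and every name and value in it (`FakeInputStore`, `PLACEHOLDER`, the input names) is hypothetical.

```python
# Added illustration: an in-memory stand-in for the inputs stack's value store.
# All names here (FakeInputStore, PLACEHOLDER, input names) are hypothetical.
PLACEHOLDER = "REPLACEME"  # constructed placeholder value


class FakeInputStore:
    """Models resources whose values a stack update resets to a placeholder."""

    def __init__(self, names):
        self.values = {name: PLACEHOLDER for name in names}

    def read(self, name):
        return self.values[name]

    def write(self, name, value):
        self.values[name] = value

    def stack_update(self, on_reset=None):
        # Naive update behavior: every input goes back to its placeholder.
        for name in self.values:
            self.values[name] = PLACEHOLDER
        if on_reset is not None:
            on_reset()  # hook standing in for a reader that arrives mid-update


def update_preserving_values(store, on_reset=None):
    """Read the populated values, update the stack, then re-overwrite them."""
    snapshot = {n: v for n, v in store.values.items() if v != PLACEHOLDER}
    store.stack_update(on_reset)
    for name, value in snapshot.items():
        store.write(name, value)
    return snapshot


def demo():
    store = FakeInputStore(["GitHubOwner", "GitHubRepo"])  # constructed names
    store.write("GitHubOwner", "example-owner")
    store.write("GitHubRepo", "example-repo")
    seen_in_gap = []
    update_preserving_values(
        store, on_reset=lambda: seen_in_gap.append(store.read("GitHubOwner"))
    )
    return store.values, seen_in_gap


if __name__ == "__main__":
    print(demo())
```

The values survive the update, but the reader that runs between the reset and the restore sees the placeholder, which is the gap raised above.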

@mattsb42-aws

Closing down project: #52
