-
Notifications
You must be signed in to change notification settings - Fork 933
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secrets not bound to a function have a value when using the emulator #6905
Comments
Hey @tzappia, thanks for the detailed report and for sharing your observations. This is a lot of info! I was able to reproduce the behavior you mentioned. When using the emulator, the value of the secret in To address one of the issues you observed(When the value of the secret is updated in production...). When you set a new value for a secret, you would also have to update the function which references that secret so that it would pick up the latest value. See this documentation for reference. As for the second one, I’ll also inform our engineering team about the issue. |
Thank you for the bug report. A few comments:
This is the expected behavior. Secrets in environment variables are fixed at container start time. While there is API support for pinning to the version "latest", Firebase opted to not allow this because it will lead to a fleet where different containers of the same function are using different versions of the secret. If you call
This is a tough problem that may not be fixable without other dramatic impact. Unlike production, the emulator runs all functions as a single process. This is to help make sure |
This issue has bitten us sooooo many times. Basically every engineer we onboard makes the mistake of adding a secret but forgets to add the secret to the functions that need it but when they test locally everything works as expected. It then gets deployed to production and BAM! It blows up. Has anyone figured out a way to enforce this for local dev with the emulators with just a wrapper function? |
[REQUIRED] Environment info
firebase-tools: 13.5.2
Platform: macOS
[REQUIRED] Test case
[REQUIRED] Steps to reproduce
Run the above function in both production and in an environment using the emulator. I used
.secret.local
and.env.local
to give the secret a value for the emulated environment and used Cloud Secret Manager to provide a value for the production environment.[REQUIRED] Expected behavior
Without
secrets
being bound to the function,secret.value()
should beundefined
at runtime. See documentation.[REQUIRED] Actual behavior
In production,
secret.value()
is undefined. In the emulated environment, the value from.secret.local
is returned.Additional observations
There were some additional issues observed during testing of this. It may be expected behaviour, but if not I'm happy to raise additional bugs.
secret.value()
immediately. I had to redeploy the function to start seeing the new value.secrets
to the function, run the function, then change the code to no longer bind thesecrets
(as in the test case) thensecret.value()
continues to return the value instead ofundefined
.The text was updated successfully, but these errors were encountered: