-
Notifications
You must be signed in to change notification settings - Fork 347
feat: support secrets in expressions and HTTP node authorization #5708
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
andrecalil
wants to merge
17
commits into
main
Choose a base branch
from
feat/support-secrets-http-node
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
d93dbc0
feat: Support Secrets at Http Node
andrecalil f5c5c31
fix for secrets not resolving
andrecalil 0dc8653
fix docs
andrecalil 7dc158d
Merge branch 'main' into feat/support-secrets-http-node
andrecalil 3793337
Merge branch 'main' into feat/support-secrets-http-node
andrecalil e7db6ef
fix: redesign secret usage and address security concerns
andrecalil 5700efd
docs: regenerate component docs after secret usage redesign
andrecalil 2e30eec
fix secrets resolve
andrecalil faefeab
Merge branch 'main' into feat/support-secrets-http-node
andrecalil 4da3b73
Merge branch 'main' into feat/support-secrets-http-node
andrecalil e3dcccb
Update docs location (and added a bit)
andrecalil 0ce878f
fix: avoid full secret leak
andrecalil c1d0d2b
Merge branch 'main' into feat/support-secrets-http-node
andrecalil f7f0fdd
Merge branch 'main' into feat/support-secrets-http-node
andrecalil 2a2d1ae
guard secret manipulation
andrecalil 79855aa
fix gRPC and missing key
andrecalil 23e3162
Merge branch 'main' into feat/support-secrets-http-node
andrecalil File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| --- | ||
| title: "Expressions" | ||
| sidebar: | ||
| order: 2 | ||
| --- | ||
|
|
||
| SuperPlane components evaluate expressions to compute dynamic field values, route events, and reference data from other nodes in the canvas. | ||
|
|
||
| ## Where expressions are evaluated | ||
|
|
||
| Any text or expression field on a component accepts the standard `{{ ... }}` placeholder syntax. At execution time, every placeholder is replaced with the value of the expression inside. The same expression body (without the surrounding braces) is also used wherever a component asks for an expression directly (for example the Filter or If condition). | ||
|
|
||
| ``` | ||
| https://api.example.com/repos/{{ $['GitHub PR'].data.repository }} | ||
| ``` | ||
|
|
||
| ## Expression environment | ||
|
|
||
| Inside an expression you have access to: | ||
|
|
||
| - `$` — the run context. Use `$['Node Name'].data.foo` to read fields emitted by an upstream node. The literal `$` alone resolves to the full run context map. | ||
| - `root()` — the event that started the current run. | ||
| - `previous()` — the payload from the immediate predecessor that emitted into the current node. Optionally pass an integer depth (`previous(2)`) to walk further upstream. | ||
| - `secrets("name")` — an organization secret, returned as a map of its keys. See [Secrets in expressions](#secrets-in-expressions) below. | ||
|
|
||
| Standard helpers such as `date`, `duration`, `now`, `timezone`, and `int` are also available. | ||
|
|
||
| ## Secrets in expressions | ||
|
|
||
| Use `secrets("name").key` inside any expression to inject the value of an organization secret. For example: | ||
|
|
||
| ``` | ||
| {{ secrets("api").token }} | ||
| ``` | ||
|
|
||
| resolves to the value stored under the `token` key of the `api` secret. | ||
|
|
||
| Secrets resolved this way: | ||
|
|
||
| - Are looked up at execution time, so each run picks up the latest value of the secret. | ||
| - Are never written back into the saved component configuration. Only the expression `secrets("api").token` is persisted; the actual token only exists in memory during execution. | ||
| - Must select a specific key. Embedding the whole secret (`secrets("api")` without a key) is rejected so the entire decrypted secret cannot leak into a URL, header, payload, or log. | ||
|
|
||
| If a referenced secret or key does not exist at execution time, the run fails with an error identifying the missing secret. | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.