From 6bbbd81da16d288832b4dd1de262a3f5da1407aa Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Mon, 16 Sep 2024 14:44:39 +0100 Subject: [PATCH] Add a mutex around loading secrets Loading secrets may ask for use input, so we need to ensure only one thread does it at a time. --- lib/kamal/configuration.rb | 4 +++- lib/kamal/secrets.rb | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/kamal/configuration.rb b/lib/kamal/configuration.rb index 0194bdd24..2758d15ab 100644 --- a/lib/kamal/configuration.rb +++ b/lib/kamal/configuration.rb @@ -9,7 +9,7 @@ class Kamal::Configuration delegate :service, :image, :labels, :stop_wait_time, :hooks_path, to: :raw_config, allow_nil: true delegate :argumentize, :optionize, to: Kamal::Utils - attr_reader :destination, :raw_config + attr_reader :destination, :raw_config, :secrets attr_reader :accessories, :aliases, :boot, :builder, :env, :healthcheck, :logging, :traefik, :servers, :ssh, :sshkit, :registry include Validation @@ -64,6 +64,8 @@ def initialize(raw_config, destination: nil, version: nil, validate: true) @ssh = Ssh.new(config: self) @sshkit = Sshkit.new(config: self) + @secrets = Kamal::Secrets.new(destination: destination) + ensure_destination_if_required ensure_required_keys_present ensure_valid_kamal_version diff --git a/lib/kamal/secrets.rb b/lib/kamal/secrets.rb index 2e9dd23dc..c7d4cc03f 100644 --- a/lib/kamal/secrets.rb +++ b/lib/kamal/secrets.rb @@ -8,10 +8,14 @@ class Kamal::Secrets def initialize(destination: nil) @secrets_files = \ [ ".kamal/secrets-common", ".kamal/secrets#{(".#{destination}" if destination)}" ].select { |f| File.exist?(f) } + @mutex = Mutex.new end def [](key) - secrets.fetch(key) + # Fetching secrets may ask the user for input, so ensure only one thread does that + @mutex.synchronize do + secrets.fetch(key) + end rescue KeyError if secrets_files raise Kamal::ConfigurationError, "Secret '#{key}' not found in #{secrets_files.join(", ")}"