Cells 1.0 - Rails secrets
Problem
We think application secrets as exposed by Rails.application.secrets
, which are read from secrets.yml
may have to be shared between Cells just like data from application_settings
should be.
The use case here is:
- Developer sets up a secret key via
secrets.yml
- This file is deployed with a particular Rails instance on a particular Cell, often used to sign tokens
- When a client fetches a public key e.g. via
/oauth/discovery/keys
, we must ensure that whichever Cells handles this request, the matching public key is returned
So either these secrets must be shared between all Cells, or if they configure secrets that are cell-local, we must route requests to the same Cell that originally used this secret to sign something.
See https://docs.gitlab.com/ee/development/application_secrets.html#secret-entries for list of secrets
Edited by Thong Kuah