From 03d3c60e9c613d582017340afbb74ccfb16f0d63 Mon Sep 17 00:00:00 2001
From: KCarretto
Date: Sat, 8 Nov 2025 22:06:53 +0000
Subject: [PATCH 1/4] fix go run tavern
---
 tavern/app.go | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/tavern/app.go b/tavern/app.go
index 1371f68d6..63f0af80c 100644
--- a/tavern/app.go
+++ b/tavern/app.go
@@ -369,21 +369,23 @@ func GetPubKey() (*ecdh.PublicKey, error) {
 return pub, nil
 }
+func newSecretsManager() (secrets.SecretsManager, error) {
+ if EnvGCPProjectID.String() == "" && EnvSecretsManagerPath.String() == "" {
+ return secrets.NewDebugFileSecrets("/tmp/secrets")
+ }
+ if EnvSecretsManagerPath.String() == "" {
+ return secrets.NewGcp(EnvGCPProjectID.String())
+ }
+
+ return secrets.NewDebugFileSecrets(EnvSecretsManagerPath.String())
+}
+
 func getKeyPair() (*ecdh.PublicKey, *ecdh.PrivateKey, error) {
 curve := ecdh.X25519()
- var secretsManager secrets.SecretsManager
- var err error
-
- if EnvSecretsManagerPath.String() == "" {
- secretsManager, err = secrets.NewGcp("")
- } else {
- secretsManager, err = secrets.NewDebugFileSecrets(EnvSecretsManagerPath.String())
- }
- if err != nil {
- slog.Error("unable to setup secrets manager")
- slog.Error("if you're running locally try setting `export SECRETS_FILE_PATH='/tmp/secrets'` \n")
- return nil, nil, fmt.Errorf("unable to connect to secrets manager: %s", err.Error())
+ secretsManager, err := newSecretsManager()
+ if err != nil || secretsManager == nil {
+ return nil, nil, fmt.Errorf("failed to configure secret manager: %w", err)
 }
 // Check if we already have a key
From cf62a1cb7d0413288ad429967d01e53840e36344 Mon Sep 17 00:00:00 2001
From: KCarretto
Date: Sat, 8 Nov 2025 22:11:02 +0000
Subject: [PATCH 2/4] change default secret path
---
 tavern/app.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tavern/app.go b/tavern/app.go
index 63f0af80c..a925be237 100644
--- a/tavern/app.go
+++ b/tavern/app.go
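Review bot: When neither setting is present, `newSecretsManager` falls back to `secrets.NewDebugFileSecrets("/tmp/secrets")` instead of returning an error, so a misconfigured deployment silently keeps whatever `getKeyPair` stores (apparently the server key pair) in a debug file store at a fixed path in a shared, world-writable directory; patch 3 keeps a `/tmp` default and patch 4 only logs it. Failing closed is safer, e.g. `return nil, fmt.Errorf("secrets manager not configured")`, with the file store reachable only through an explicitly set path. Whether the file store creates its file with restrictive permissions is not visible here and should be confirmed. Also in `getKeyPair`, whose body continues past the hunk, the `secretsManager == nil` case wraps a nil `err` with `%w` and prints `%!w(<nil>)`; give it its own `return nil, nil, fmt.Errorf("secrets manager is nil")`.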
@@ -371,7 +371,7 @@ func GetPubKey() (*ecdh.PublicKey, error) {
 func newSecretsManager() (secrets.SecretsManager, error) {
 if EnvGCPProjectID.String() == "" && EnvSecretsManagerPath.String() == "" {
- return secrets.NewDebugFileSecrets("/tmp/secrets")
+ return secrets.NewDebugFileSecrets("/etc/tavern-secrets")
 }
 if EnvSecretsManagerPath.String() == "" {
 return secrets.NewGcp(EnvGCPProjectID.String())
From c761469c3a7841b1aea9de3507a6f7f739fa3669 Mon Sep 17 00:00:00 2001
From: KCarretto
Date: Sat, 8 Nov 2025 22:11:43 +0000
Subject: [PATCH 3/4] back to temp?
---
 tavern/app.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tavern/app.go b/tavern/app.go
index a925be237..f2e9a197f 100644
--- a/tavern/app.go
+++ b/tavern/app.go
@@ -371,7 +371,7 @@ func GetPubKey() (*ecdh.PublicKey, error) {
 func newSecretsManager() (secrets.SecretsManager, error) {
 if EnvGCPProjectID.String() == "" && EnvSecretsManagerPath.String() == "" {
- return secrets.NewDebugFileSecrets("/etc/tavern-secrets")
+ return secrets.NewDebugFileSecrets("/tmp/tavern-secrets")
 }
 if EnvSecretsManagerPath.String() == "" {
 return secrets.NewGcp(EnvGCPProjectID.String())
From a4583a9367ceb9cdfacf32f2468a49b4e9c1463f Mon Sep 17 00:00:00 2001
From: KCarretto
Date: Sat, 8 Nov 2025 22:13:48 +0000
Subject: [PATCH 4/4] Add error level warning
---
 tavern/app.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tavern/app.go b/tavern/app.go
index f2e9a197f..1e554b272 100644
--- a/tavern/app.go
+++ b/tavern/app.go
@@ -371,6 +371,7 @@ func GetPubKey() (*ecdh.PublicKey, error) {
 func newSecretsManager() (secrets.SecretsManager, error) {
 if EnvGCPProjectID.String() == "" && EnvSecretsManagerPath.String() == "" {
+ slog.Error("No configuration provided for secret manager path, using a potentially insecure default.")
 return secrets.NewDebugFileSecrets("/tmp/tavern-secrets")
 }
 if EnvSecretsManagerPath.String() == "" {
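Review bot: The `slog.Error` line added in patch 4 reports that a default is in use but not which path it is or which settings were missing, and execution then continues with the debug file store, so the log alone does not tell an operator what to correct. Carry the path as an attribute, e.g. `slog.Error("no secrets manager configured, falling back to debug file store", "path", "/tmp/tavern-secrets")`. The log line removed in patch 1 pointed at `SECRETS_FILE_PATH`; that hint would be worth restoring in this message. The remainder of `newSecretsManager` lies outside this hunk.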