{"html_url": "https://github.com/simonw/datasette/issues/538#issuecomment-508224962", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/538", "id": 508224962, "node_id": "MDEyOklzc3VlQ29tbWVudDUwODIyNDk2Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2019-07-03T19:24:32Z", "updated_at": "2019-07-03T19:24:32Z", "author_association": "OWNER", "body": "Initial syntax suggestion:\r\n```json\r\n{\r\n    \"title\": \"datasette-auth-github demo\",\r\n    \"plugins\": {\r\n        \"datasette-auth-github\": {\r\n            \"client_id\": \"986f5d837b45e32ee6dd\",\r\n            \"client_secret\": {\"$env\": \"GITHUB_CLIENT_SECRET\"}\r\n        }\r\n    }\r\n}\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 463915863, "label": "Mechanism for secrets in plugin configuration"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/538#issuecomment-508225524", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/538", "id": 508225524, "node_id": "MDEyOklzc3VlQ29tbWVudDUwODIyNTUyNA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2019-07-03T19:26:32Z", "updated_at": "2019-07-03T19:26:32Z", "author_association": "OWNER", "body": "Another useful option is the ability to load secrets from a file. This allows the file to have permissions set on it to only be read by the Datasette user. It also interacts well with the Kubernetes secrets mechanism, which is file-based.\r\n```json\r\n{\r\n    \"plugins\": {\r\n        \"datasette-auth-github\": {\r\n            \"client_id\": \"986f5d837b45e32ee6dd\",\r\n            \"client_secret\": {\"$file\": \"/secrets/github-client-secret\"}\r\n        }\r\n    }\r\n}", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 463915863, "label": "Mechanism for secrets in plugin configuration"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/538#issuecomment-508346394", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/538", "id": 508346394, "node_id": "MDEyOklzc3VlQ29tbWVudDUwODM0NjM5NA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2019-07-04T05:43:24Z", "updated_at": "2019-07-04T05:43:24Z", "author_association": "OWNER", "body": "Re-opening this because I messed it up: the secret options are still visible in `/-/metadata` because I mutate the dictionary in place!\r\n\r\nhttps://github.com/simonw/datasette/blob/a2d45931935f6bb73605a94afedf9e78308c95d6/datasette/app.py#L273-L279", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 463915863, "label": "Mechanism for secrets in plugin configuration"}, "performed_via_github_app": null}