Challenge, Easy,  on  CI/CDSecurity
ProblemSolutionDiscussion

In this challenge, you'll practice how to pass secrets to functions and use them within your code.

Preparation

To complete this challenge, ensure you have a Dagger module initialized at ~/my-module using your preferred SDK.

Passing secrets to functions

Implement a function named readSecret that takes a parameter of type secret called secret and simply returns it as-is.

In the following examples, you'll call this function and pass secrets to it from various providers. To complete each challenge, enter the plaintext secret values into the appropriate input fields.

Hint 1 💡

Secret providers are documented here.

Hint 2 💡

The command you need to use:

dagger call read-secret --secret <???> plaintext

💡 plaintext method returns the plaintext value of the secret.

Hint 3 💡

Try addressing the secret: provider://identifier.

Environment variable MY_SECRET:

File ~/.secret:

Result of executing ~/secret.sh:

Read from Vault (running locally) from path my/secret (key: value):

Using secrets in containers

Implement a function named secretVar that accepts a parameter of type secret called secret, and returns an alpine container with the secret mounted as an environment variable named MY_SECRET.

Hint 4 💡

Take a look at this example.

Implement a function named secretMount that accepts a parameter of type secret called secret, and returns an alpine container with the secret mounted as a file at /tmp/secret.

Hint 5 💡

Take a look at this example.

References

Challenge on CI/CDSecurity
Discussion  Discord
dagger

Level up your Server Side game — Join 15,000 engineers who receive insightful learning materials straight to their inbox

How to Author Challenges on iximiuz Labs

Instead of providing a subpar online editing experience, iximiuz Labs offers a helper CLI tool called labctl, allowing you to use your favorite text editor (or a full-featured IDE) to write content from the comfort of your local machine.

Install labctl CLI

curl -sf https://labs.iximiuz.com/cli/install.sh | sh

This will download and install the latest version of the labctl CLI. You only need to do this once per workstation.

Authorize labctl

labctl auth login

This will open a browser window asking you to authorize labctl to access your account. You need to do it after a fresh install of labctl and repeat it whenever the auth session expires.

Pull challenge content

labctl content pull challenge dagger-working-with-secrets-e45f68c7

This will create a local copy of the challenge content in a directory named dagger-working-with-secrets-e45f68c7. You only need to do this once per challenge.

Stream your changes

labctl content push -fw challenge dagger-working-with-secrets-e45f68c7

Run this command in a separate terminal to continuously upload your changes to the server while editing the challenge in your favorite text editor or IDE.

You can also use labctl to create, list, and delete your content. Learn more about the available commands: labctl content --help