Skip to content

OAuth client secret starting with dash breaks identity container #2502

New issue
New issue
Open
Open
OAuth client secret starting with dash breaks identity container#2502
Labels
bugProblem when deploying a Data Safe Haven.
@cptanalatriste

Description

@cptanalatriste
cptanalatriste
opened on Nov 25, 2025

✅ Checklist

  • I have searched open and closed issues for duplicates.
  • This is a problem observed when deploying a Data Safe Haven.
  • I can reproduce this with the latest version.
  • I have read through the documentation.
  • This isn't an open-ended question (open a discussion if it is).

💻 System information

  • Operating System: macOS
  • Data Safe Haven version: v5.6.0

📦 Packages

List of packages 
Paste list of packages here

🚫 Describe the problem

If the OAuth Client Secret passed to shm-cvdnetdev-sre-per-container-group-identity happens to start with dash (-), the apricot container won't start (see Log messages).

Image

This is because apricot uses argparse for argument processing, and these kind of arguments is not support (see: https://bugs.python.org/issue9334 and python/cpython#91158)

Image

🌳 Log messages

Relevant log messages

In container instance messages, you should see:

Apricot: error: argument -s/--client-secret: expected one argument

♻️ To reproduce

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugProblem when deploying a Data Safe Haven.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions