Skip to content

Add a --credentials-file flag for adding/updating providers and remove provider specific flags which expose secrets#2062

Merged
deep1401 merged 7 commits into
mainfrom
fix/credentials-cli
May 13, 2026
Merged

Add a --credentials-file flag for adding/updating providers and remove provider specific flags which expose secrets#2062
deep1401 merged 7 commits into
mainfrom
fix/credentials-cli

Conversation

@deep1401

Copy link
Copy Markdown
Member

Fixes #2056

@netlify

netlify Bot commented May 13, 2026

Copy link
Copy Markdown

Deploy Preview for transformerlab canceled.

Name Link
🔨 Latest commit 4c1e176
🔍 Latest deploy log https://app.netlify.com/projects/transformerlab/deploys/6a04d1d62cca010008eda7e3

@polarityinc

polarityinc Bot commented May 13, 2026

Copy link
Copy Markdown

Paragon Review Skipped

Hi @deep1401! Your Polarity credit balance is insufficient to complete this review.

Please visit https://app.paragon.run to finish your review.

console.print(f"[error]Error:[/error] Invalid JSON in --config: {e}")
raise typer.Exit(1)
if credentials_file is not None:
creds = _read_credentials_file(credentials_file)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you need to do the whole if aws/gcp thing here like you did in add? Otherwise it just ends up in the config?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah the motive of doing this was that for gcp, the credentials file would just be the json you download from gcp

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry misunderstood, added the same logic to lab provider update

@deep1401 deep1401 requested a review from dadmobile May 13, 2026 19:10
if bool(aws_access_key_id) != bool(aws_secret_access_key):
console.print(
"[error]Error:[/error] Provide both --aws-access-key-id and --aws-secret-access-key, or neither."
"[error]Error:[/error] --credentials-file for --type aws must contain both "

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did this command:
lab provider add --no-interactive --type aws --config '{"region": "us-east-1"}' --name aws_credfiletest

i.e. I forgot my credentials file. It says it created the provider anyways but then failed the health check.

Ideally an error would print out here saying you need a credential file in non-interactive mode?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay fixed now, there was a guard for gcp but not aws, we have for both now

@deep1401 deep1401 merged commit 32cdf8f into main May 13, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

CLI: support --credentials-file for provider add to keep secrets out of argv

2 participants