Add a mutex around loading secrets

Loading secrets may ask for use input, so we need to ensure only one thread does it at a time.
2024-09-16 14:44:39 +01:00
parent 876eebc7c5
commit 6bbbd81da1
2 changed files with 8 additions and 2 deletions
--- a/lib/kamal/secrets.rb
+++ b/lib/kamal/secrets.rb
@@ -8,10 +8,14 @@ class Kamal::Secrets
  def initialize(destination: nil)
    @secrets_files = \
      [ ".kamal/secrets-common", ".kamal/secrets#{(".#{destination}" if destination)}" ].select { |f| File.exist?(f) }
+    @mutex = Mutex.new
  end

  def [](key)
-    secrets.fetch(key)
+    # Fetching secrets may ask the user for input, so ensure only one thread does that
+    @mutex.synchronize do
+      secrets.fetch(key)
+    end
  rescue KeyError
    if secrets_files
      raise Kamal::ConfigurationError, "Secret '#{key}' not found in #{secrets_files.join(", ")}"