@firestartr/cli 1.50.0-snapshot-2 → 1.50.0

package/build/index.js

@@ -312792,6 +312792,7 @@ var dependabot_secret = __nccwpck_require__(82783);
 
 
 
+
 async function provisionRepositorySecrets(scope, repo, fsGithubRepository) {
     const sections = ['actions', 'codespaces', 'dependabot'];
     if ('secrets' in fsGithubRepository.spec) {
@@ -312828,14 +312829,24 @@ async function provisionRepositorySecret(scope, repo, section, repoSecretName, s
 async function createEncryptedSecrect(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource) {
     const { key_id, encrypted_value } = await encryptSecret(repo, secretRef);
     const resourceKey = `${section}-${repoSecretName.toLowerCase()}-secret`;
-    const tfStateKey = `_${repo.getTfStateKey()}-${resourceKey}`;
-    const sc = new secretClass(scope, tfStateKey, {
+    const plainTextSecret = repo.resolveSecretRef({
+        name: secretRef.name,
+        key: secretRef.key,
+    });
+    const sha256 = external_crypto_default().createHash('sha256')
+        .update(plainTextSecret)
+        .digest('hex');
+    const secretResourceName = `_${repoSecretName}-${sha256.slice(0, 12)}`;
+    const instanceLifecycle = {
+        ignoreChanges: ['encrypted_value'],
+    };
+    const sc = new secretClass(scope, secretResourceName, {
         secretName: repoSecretName,
         repository: repo.metadata.name,
         encryptedValue: encrypted_value,
         dependsOn: [repoResource],
+        lifecycle: instanceLifecycle,
     });
-    provisioner_src_logger.info(tfStateKey);
     repo.addResourceToStack(resourceKey, sc);
 }
 async function createUnencryptedSecret(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@firestartr/cli",
-  "version": "1.50.0-snapshot-2",
+  "version": "1.50.0",
   "private": false,
   "description": "Commandline tool",
   "main": "build/main.js",