diff --git a/cli/testdata/server-config.yaml.golden b/cli/testdata/server-config.yaml.golden index dfc1d0ca15..8996387ff4 100644 --- a/cli/testdata/server-config.yaml.golden +++ b/cli/testdata/server-config.yaml.golden @@ -383,9 +383,6 @@ provisioning: # Time to force cancel provisioning tasks that are stuck. # (default: 10m0s, type: duration) forceCancelInterval: 10m0s - # Pre-shared key to authenticate external provisioner daemons to Coder server. - # (default: , type: string) - daemonPSK: "" # Enable one or more experiments. These are not ready for production. Separate # multiple experiments with commas, or enter '*' to opt-in to all available # experiments. diff --git a/coderd/deployment_test.go b/coderd/deployment_test.go index 66e3990e25..c087526ed0 100644 --- a/coderd/deployment_test.go +++ b/coderd/deployment_test.go @@ -27,6 +27,7 @@ func TestDeploymentValues(t *testing.T) { cfg.PostgresURL.Set(hi) cfg.SCIMAPIKey.Set(hi) cfg.ExternalTokenEncryptionKeys.Set("the_random_key_we_never_expected,an_other_key_we_never_unexpected") + cfg.Provisioner.DaemonPSK = "provisionersftw" client := coderdtest.New(t, &coderdtest.Options{ DeploymentValues: cfg, @@ -46,6 +47,7 @@ func TestDeploymentValues(t *testing.T) { require.Empty(t, scrubbed.Values.PostgresURL.Value()) require.Empty(t, scrubbed.Values.SCIMAPIKey.Value()) require.Empty(t, scrubbed.Values.ExternalTokenEncryptionKeys.Value()) + require.Empty(t, scrubbed.Values.Provisioner.DaemonPSK.Value()) } func TestDeploymentStats(t *testing.T) { diff --git a/codersdk/deployment.go b/codersdk/deployment.go index 4c1acb143d..fc13d53c26 100644 --- a/codersdk/deployment.go +++ b/codersdk/deployment.go @@ -1408,7 +1408,7 @@ when required by your organization's security policy.`, Env: "CODER_PROVISIONER_DAEMON_PSK", Value: &c.Provisioner.DaemonPSK, Group: &deploymentGroupProvisioning, - YAML: "daemonPSK", + Annotations: clibase.Annotations{}.Mark(annotationSecretKey, "true"), }, // RateLimit settings { diff --git a/codersdk/deployment_test.go b/codersdk/deployment_test.go index 250be46461..b3f4bc83e2 100644 --- a/codersdk/deployment_test.go +++ b/codersdk/deployment_test.go @@ -71,6 +71,9 @@ func TestDeploymentValues_HighlyConfigurable(t *testing.T) { flag: true, env: true, }, + "Provisioner Daemon Pre-shared Key (PSK)": { + yaml: true, + }, } set := (&codersdk.DeploymentValues{}).Options() diff --git a/docs/cli/server.md b/docs/cli/server.md index f678041901..5a32845378 100644 --- a/docs/cli/server.md +++ b/docs/cli/server.md @@ -779,7 +779,6 @@ Serve prometheus metrics on the address defined by prometheus address. | ----------- | ------------------------------------------ | | Type | string | | Environment | $CODER_PROVISIONER_DAEMON_PSK | -| YAML | provisioning.daemonPSK | Pre-shared key to authenticate external provisioner daemons to Coder server.