Skip to content

feat(deploy): pass Modal credentials as args (per-invocation, not ambient env)#40

Merged
Stanley-blik merged 1 commit into
mainfrom
feat/deploy-credential-args
Jun 30, 2026
Merged

feat(deploy): pass Modal credentials as args (per-invocation, not ambient env)#40
Stanley-blik merged 1 commit into
mainfrom
feat/deploy-credential-args

Conversation

@Stanley-blik

Copy link
Copy Markdown
Contributor

Why

For the managed product, a non-technical user just pastes their Modal token and
we deploy the backend for them. The deploy capability already lives here
(flow deploy modal); the token handling stays cloud-side. But the cloud is
an always-on VPS deploying for many accounts — it can't rely on ambient modal
auth (~/.modal.toml) or mutate global MODAL_TOKEN_* env (races/leakage across
concurrent tenant deploys). So flow deploy needs to accept the token as args.

What

  • flow deploy modal --modal-token-id ... --modal-token-secret ...
  • DeploySpec.credentials carries them; ModalDeployer injects
    MODAL_TOKEN_ID/MODAL_TOKEN_SECRET into the deploy subprocess env only
    never os.environ. Concurrent per-account deploys stay isolated.
  • Omitted → ambient modal auth, exactly as before (no behaviour change for
    interactive use).

Tests

  • Asserts the token lands in the subprocess env (+ FLOW_GPU_APP_NAME) and does
    not leak into os.environ. Full suite: 38 passed, ruff clean.

…ient env)

flow deploy modal --modal-token-id ... --modal-token-secret ... lets an
unattended/multi-account caller (e.g. our always-on cloud VPS) deploy on behalf
of a specific account without touching ambient modal auth. DeploySpec gains a
credentials dict; ModalDeployer injects MODAL_TOKEN_ID/SECRET into the deploy
SUBPROCESS env only — never os.environ — so concurrent per-tenant deploys can't
leak tokens between each other. Omitted = ambient modal auth as before.
Test asserts the token lands in the subprocess env and not in os.environ.
@Stanley-blik Stanley-blik merged commit 96d1d8a into main Jun 30, 2026
1 check passed
@Stanley-blik Stanley-blik deleted the feat/deploy-credential-args branch June 30, 2026 10:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant