feat(deploy): pass Modal credentials as args (per-invocation, not ambient env)#40
Merged
Merged
Conversation
…ient env) flow deploy modal --modal-token-id ... --modal-token-secret ... lets an unattended/multi-account caller (e.g. our always-on cloud VPS) deploy on behalf of a specific account without touching ambient modal auth. DeploySpec gains a credentials dict; ModalDeployer injects MODAL_TOKEN_ID/SECRET into the deploy SUBPROCESS env only — never os.environ — so concurrent per-tenant deploys can't leak tokens between each other. Omitted = ambient modal auth as before. Test asserts the token lands in the subprocess env and not in os.environ.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
For the managed product, a non-technical user just pastes their Modal token and
we deploy the backend for them. The deploy capability already lives here
(
flow deploy modal); the token handling stays cloud-side. But the cloud isan always-on VPS deploying for many accounts — it can't rely on ambient modal
auth (
~/.modal.toml) or mutate globalMODAL_TOKEN_*env (races/leakage acrossconcurrent tenant deploys). So
flow deployneeds to accept the token as args.What
flow deploy modal --modal-token-id ... --modal-token-secret ...DeploySpec.credentialscarries them;ModalDeployerinjectsMODAL_TOKEN_ID/MODAL_TOKEN_SECRETinto the deploy subprocess env only —never
os.environ. Concurrent per-account deploys stay isolated.interactive use).
Tests
FLOW_GPU_APP_NAME) and doesnot leak into
os.environ. Full suite: 38 passed, ruff clean.