Closed
Description
The `secrets:decrypt-to-local` command exits successfully, even when there are errors.
This seems to be by design, and was changed here: #43137
Steps to reproduce:
- Do not set an env for the decryption key
- Run `bin/console secrets:decrypt-to-local --force --env=prod`
- Errors are printed, saying decryption failed.
- Inspect exit code (echo $?), it is 0.
This makes it very hard to have reliable usage in deployment scripts, as no matter if the command fails or not, it exits with code 0 (e.g. missing decryption key) -- for the moment I'm grepping the output to work around this.
I propose that an appropriate exit code is returned when secrets are not decrypted properly.
This can be opt-in, via a CLI flag (e.g. `bin/console secrets:decrypt-to-local --force --env=prod --fail-on-errors`).
Example
```bash
bin/console secrets:decrypt-to-local --force --env=prod --fail-on-errors
echo $? # prints 1 if there were errors
```
OR
```bash
bin/console secrets:decrypt-to-local --force --env=prod
echo $? # prints 1 if there were errors
```
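
The grep workaround mentioned in the issue, written out as a reusable deploy-script wrapper (an added example, not part of the original issue or of Symfony): `run_strict` returns non-zero when a command exits non-zero or when its output matches an error pattern. The names `run_strict` and `ERROR_PATTERN`, the default pattern, and the `fake_*` stand-ins with their messages are assumptions constructed for illustration, not Symfony's real output.

```shell
#!/bin/sh
# Added example: fail a deploy step when a command reports errors in its
# output but still exits 0.
# ERROR_PATTERN is an assumption; tune it to the messages your version prints.
ERROR_PATTERN="${ERROR_PATTERN:-fail|error|cannot|could not}"

run_strict() {
    # Run "$@", capturing stdout and stderr together.
    # Written so it behaves the same with or without `set -e`.
    _out=$("$@" 2>&1) && _rc=0 || _rc=$?

    # Pass the captured output through so the deploy log still shows it.
    if [ -n "$_out" ]; then
        printf '%s\n' "$_out"
    fi

    # A real non-zero exit code always wins.
    if [ "$_rc" -ne 0 ]; then
        return "$_rc"
    fi

    # Exit code was 0: treat error text in the output as a failure.
    if printf '%s\n' "$_out" | grep -Eiq -- "$ERROR_PATTERN"; then
        return 1
    fi
    return 0
}

# Constructed stand-ins for the real command (messages are made up).
fake_decrypt_broken() {
    echo "decryption failed (constructed sample message)"
    return 0    # mirrors the behaviour reported in the issue
}
fake_decrypt_ok() {
    echo "Secrets decrypted (constructed sample message)"
    return 0
}

# In a deployment script:
#   run_strict bin/console secrets:decrypt-to-local --force --env=prod || exit 1
```

Pattern matching on output is brittle across versions and locales, so keep the pattern narrow and revisit it after upgrades.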