Migrated secrets not appearing in Drone UI


I have migrated the v0.8 database to v1 for an instance of Drone connected to GitHub.

From a clean database (dropped and re-created), I’ve run the following steps: drone-migrate steps: setup-database migrate-users migrate-repos migrate-secrets migrate-registries remove-renamed update-repos.

All processes complete successfully.

For the repos I’ve testeed this with, the migrate-repos steps reports migrate repository and migration complete.

The remove-renamed step reports skip repository, found in remote system and finally the update-repos step reports updated metadata for the repositories I’ve tested the migration with.

Please note that the activate-repos was not run because we want the development teams to activate their repos themselves as some of the pipelines need updating.

From the Drone database point of view, I can see that the secrets, repos and users have been migrated: the following queries return the expected number of secrets for the repos being tested:

    select repo_id, repo_uid, repo_slug, repo_user_id, user_login, secret_id, secret_name from drone.repos
    left outer join drone.secrets on repos.repo_id = secrets.secret_repo_id
    left outer join drone.users on repos.repo_user_id = users.user_id
    where repos.repo_slug = 'my-organisation/my-repo';

Yet, once the server is started after the migration, a user logs in (with Drone admin rights), the repos have been synced and the admin user activates a repo, no secrets are shown in the the repo’s settings page in the Drone UI.

We are running Drone v1.9.0 and drone-migrate v1.2.0

do you see anything in your server logs that would indicate an error fetching the secrets?

one thing that comes to mind would be encryption… did you enable encryption on your server? If so, there is an added step where you need to encrypt your secrets as part of the migration using the drone-migrate encrypt-secrets command, where you provide the encryption key using --target-database-encryption-key

I see. That must be it. Encryption is enabled on the database.
However, I’ve been using the version with the latest tag (1.2.0) and the encrypt-secrets command is not present there. I can see it’s in the master branch, but there is not yet a release associated with it.
Are you planning on creating soon a release of drone-migrate supporting encrypt-secrets?

Just a quick note to confirm that it works with a docker image of drone-migrate built from the master branch (sha c9531d4)

I will tag a release today! Also you can use the :latest tag from DockerHub which corresponds to master.

@nefischer I just wanted to follow-up and make sure you got everything working

Sorry, only spotted your reply today. Yes, thank you, I got it working.