Right now Tutor saves all configuration to the config.yml file. That includes environment variables defined with TUTOR_* prefix. Is that desirable? Sometimes we want to leave some values (ex: secrets) in the environment only and use them from there. This makes running Tutor in CI/CD difficult as it rewrites the config.yml file.
Do you think it’s a bug? Can we fix this behavior? I will be happy to open a PR.
I understand that you might want to update the tutor environment without necessarily re-writing the config.yml file. Although some of your reasons puzzle me:
You are aware that these secrets eventually find their way in the tutor environment, right? For instance, the edx-platform secret key is used in the LMS/CMS settings modules. Moreover, environment variables are accessible by any user on the server, which makes them “less” secure than when they are stored in a dedicated file:
$ POUAC=plonk sleep 4000
$ ps aux | grep sleep
regis 185127 0.0 0.0 8092 472 pts/0 S+ 10:43 0:00 sleep 4000
$ ps eww 185127
PID TTY STAT TIME COMMAND
185127 pts/0 S+ 0:00 sleep 4000 POUAC=plonk SHELL=/bin/bash ...
Anyway, I understand that you might want to skip updating the config.yml file in some cases. Would you like to add a -e/--env-only option to tutor config save? That would be a welcome PR.
@regis Thanks for the explanation. I think having an env only mode to skip modification of config.yml would be enough for those cases since the tutor env will get updated anyway.
I’ve opened a PR. Let me know if you face any issues or want any changes to that.