Skip to content

fix: de-duplicate batch creations/upserts#5545

Merged
varonix0 merged 1 commit intomainfrom
daniel/batch-upsert-deduplication
Feb 25, 2026
Merged

fix: de-duplicate batch creations/upserts#5545
varonix0 merged 1 commit intomainfrom
daniel/batch-upsert-deduplication

Conversation

@varonix0
Copy link
Member

@varonix0 varonix0 commented Feb 25, 2026

Context

Added de-duplication for input secrets on the batch update (supports upsert) and batch create endpoints. Previously it was possible to pass in multiple secrets with the same key in the same secret path, resulting in duplicate secret versions for the same key, essentially breaking the secret entirely.

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed)
  • Read the contributing guide

@varonix0 varonix0 self-assigned this Feb 25, 2026
@maidul98
Copy link
Collaborator

maidul98 commented Feb 25, 2026

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Feb 25, 2026

Greptile Summary

Adds de-duplication for batch secret operations to prevent duplicate secret versions with the same key.

Key changes:

  • createManySecret: deduplicates input secrets by key before processing, keeping last occurrence
  • updateManySecret: deduplicates secrets within each path before processing, keeping last occurrence
  • prevents creating duplicate secret versions that would break secrets entirely

Considerations:

  • deduplication is silent - users won't know if duplicates were removed from their request
  • keeping "last occurrence" is a sensible default but may not match user expectations if they assume first-wins or error-on-duplicate

Confidence Score: 4/5

  • This PR is safe to merge - it fixes a critical bug that allowed duplicate secret versions
  • The implementation correctly prevents duplicate secret keys in batch operations. Minor issue: silent deduplication may confuse users who don't realize duplicates were removed. Logic is sound and follows the existing codebase patterns.
  • No files require special attention - the change is straightforward and well-contained

Important Files Changed

Filename Overview
backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts Adds de-duplication logic for batch secret creation and update operations by keeping last occurrence of duplicate keys

Last reviewed commit: a7f57d7

greptile-apps[bot]
greptile-apps bot reviewed Feb 25, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file reviewed, 2 comments

Edit Code Review Agent Settings | Greptile

@varonix0 varonix0 merged commit a13c925 into main Feb 25, 2026
10 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@carlosmonastyrski carlosmonastyrski carlosmonastyrski approved these changes

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@varonix0 varonix0

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@varonix0 @maidul98 @carlosmonastyrski