Skip to content

improvement(secrets): parallelize save mutations and add admin visibility for workspace secrets#4032

Merged
waleedlatif1 merged 3 commits intostagingfrom
waleedlatif1/secrets-perf-visibility
Apr 8, 2026
Merged

improvement(secrets): parallelize save mutations and add admin visibility for workspace secrets#4032
waleedlatif1 merged 3 commits intostagingfrom
waleedlatif1/secrets-perf-visibility

Conversation

@waleedlatif1
Copy link
Copy Markdown
Collaborator

@waleedlatif1 waleedlatif1 commented Apr 8, 2026

Summary

  • Parallelize personal/workspace env save mutations with Promise.all instead of sequential awaits
  • Skip personal save entirely when only workspace vars changed
  • Remove pointless double transformation in useSavePersonalEnvironment
  • Narrow mutation invalidation scopes (each hook only invalidates its own query key, credential list invalidated once after all mutations via finally)
  • Workspace secrets now visible to admins on focus (matching personal secrets UX), non-admins still see dots

Type of Change

  • Bug fix
  • Enhancement

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@cursor
Copy link
Copy Markdown

cursor bot commented Apr 8, 2026
edited
Loading

PR Summary

Medium Risk
Touches secrets UI and the save flow for personal/workspace environment variables; regressions could expose values to the wrong users or leave caches stale if invalidation timing is wrong.

Overview
Improves the secrets settings page by allowing workspace secret values to be revealed for workspace admins (masked by default and unmasked on focus), while non-admins continue to see masked dots.

Optimizes saving environment variables by skipping the personal save when unchanged, running personal/workspace mutations in parallel with Promise.allSettled, and consolidating credential-list cache invalidation to a single finally block after any save.

Simplifies useSavePersonalEnvironment to send variables directly and narrows environment query invalidation so each mutation only refreshes its own environment query key.

Reviewed by Cursor Bugbot for commit 1cb5810. Configure here.

@vercel
Copy link
Copy Markdown

vercel bot commented Apr 8, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped Apr 8, 2026 1:22am

Request Review

@gitguardian
Copy link
Copy Markdown

gitguardian bot commented Apr 8, 2026
edited
Loading

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Apr 8, 2026
edited
Loading

Greptile Summary

This PR makes two improvements to the credentials/environment settings feature: (1) parallelizes personal and workspace environment save mutations using Promise.allSettled, skips the personal save when nothing changed, narrows cache invalidation scopes so each mutation only invalidates its own query key, and removes a redundant double-transformation in useSavePersonalEnvironment; (2) extends workspace secrets to be visible to workspace admins on focus, matching the existing UX for personal secrets.

Confidence Score: 5/5

Safe to merge — changes are well-scoped improvements with no correctness issues.

Both features (parallelized save and admin secret visibility) are correctly implemented. The personalChanged diff logic is sound. Using Promise.allSettled + re-throw is the right pattern. Cache invalidation is narrowed correctly. No P0/P1 findings identified.

No files require special attention.

Vulnerabilities

No security concerns identified. Admin-only secret visibility is gated behind a server-sourced workspacePermissions check rather than a client-side flag, and non-admin users continue to receive only bullet characters for workspace secret values.

Important Files Changed

Filename Overview
apps/sim/hooks/queries/environment.ts Removes redundant double-transformation in useSavePersonalEnvironment and narrows cache invalidation scope in all three mutation hooks; changes are correct and improve clarity.
apps/sim/app/workspace/[workspaceId]/settings/components/credentials/credentials-manager.tsx Adds parallelized save logic with personalChanged short-circuit, moves credential-list invalidation to finally block, and adds admin visibility for workspace secrets; no bugs found.

Reviews (4): Last reviewed commit: "fix(secrets): use Promise.allSettled to ..." | Re-trigger Greptile

@waleedlatif1 waleedlatif1 force-pushed the waleedlatif1/secrets-perf-visibility branch from 352c2a5 to 74e0509 Compare April 8, 2026 01:05
@waleedlatif1
Copy link
Copy Markdown
Collaborator Author

waleedlatif1 commented Apr 8, 2026

@greptile

@waleedlatif1
Copy link
Copy Markdown
Collaborator Author

waleedlatif1 commented Apr 8, 2026

@cursor review

@waleedlatif1
Copy link
Copy Markdown
Collaborator Author

waleedlatif1 commented Apr 8, 2026

@greptile

@waleedlatif1
Copy link
Copy Markdown
Collaborator Author

waleedlatif1 commented Apr 8, 2026

@cursor review

cursor[bot]
cursor bot reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 1cb5810. Configure here.

@waleedlatif1 waleedlatif1 merged commit 98be968 into staging Apr 8, 2026
12 checks passed
@waleedlatif1 waleedlatif1 deleted the waleedlatif1/secrets-perf-visibility branch April 8, 2026 01:30
@waleedlatif1 waleedlatif1 mentioned this pull request Apr 8, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@waleedlatif1