checkly-cli icon indicating copy to clipboard operation
checkly-cli copied to clipboard
verified publisher icon checkly

bug: can't pass a secret to Slack alert channel from an env file

Open ducatore opened this issue 4 months ago • 10 comments

Node.js version

all

NPM version

all

@checkly/cli version

6.4.0

Steps to reproduce

Create a Slack alert channel and use an env var to get the the webhook url

export const slackChannel = new SlackAlertChannel('slack-channel-1', {
  url: new URL(process.env.WEBHOOK_URL_SECRET),
  channel: '#ops',
  ...sendDefaults
})

Execute the test using an env file:

npx checkly test --env-file=.env

Outpu

Parsing your project... !
    Error: Error loading file '/tmp/debug-checkly/__checks__/resources/alert-c
    hannels/slack/alert-checkly-dev.check.ts'
    TypeError: Invalid URL
        at new URL (node:internal/url:826:25)
        at /tmp/debug-checkly/__checks__/resources/alert-channels/slack/alert-
    checkly-dev.check.ts:5:8
        at async Function.import 
    (/tmp/debug-checkly/node_modules/jiti/dist/jiti.cjs:1:202945)
        at async InitializedJitiFileLoaderState.loadFile 
    (/tmp/debug-checkly/node_modules/checkly/dist/loader/jiti.js:45:31)
        at async JitiFileLoader.loadFile 
    (/tmp/debug-checkly/node_modules/checkly/dist/loader/jiti.js:59:16)
        at async MixedFileLoader.loadFile 
    (/tmp/debug-checkly/node_modules/checkly/dist/loader/mixed.js:23:28)
        at async Session.loadFile (/tmp/debug-checkly/node_modules/checkly/dis
    t/constructs/project.js:184:35)
        at async loadAllCheckFiles (/tmp/debug-checkly/node_modules/checkly/di
    st/services/project-parser.js:117:13)
        at async parseProject (/tmp/debug-checkly/node_modules/checkly/dist/se
    rvices/project-parser.js:54:5)
        at async Test.run 
    (/tmp/debug-checkly/node_modules/checkly/dist/commands/test.js:157:25)

What is expected?

process.env.WEBHOOK_URL_SECRET contains the secret and I can use it to set the webhook url

What is actually happening?

The env var loaded from a file seems to be only available later but not when the Slack alert channel is instantiated. It works passing the env var through the command line

WEBHOOK_URL_SECRET=http://example.com npx checkly test

Any additional comments?

No response

ducatore avatar Aug 18 '25 09:08 ducatore

Hi @ducatore,

Let me start by saying that I do agree with you. However, this is working as intended. The environment variable flags (both --env and --env-file) add environment variables to the check's runtime environment. These environment variables are available when the check runs in Checkly. They are not available in the .check.ts files themselves, because these files only define checks, they are not checks.

That being said, we've run into this issue before and I'm leaning towards making the environment variables available in the .check.ts files too as it is leads to a better user experience.

sorccu avatar Aug 18 '25 11:08 sorccu

Thanks for you feedback.

So, except by passing env vars from the command line, is there another way to set a secret used by an alert channel?

Let me describe my use case. I have a Slack alert channel and the webhook url is store in 1password and in Checkly environment variables. In CI/Checkly, env vars in Checkly are used but locally I get the secrets from 1password. To simplify the setup I locally create an env file with the secrets and then I pass this file to Checkly with --env-file.

So in this case I can't use an .env file?

ducatore avatar Aug 18 '25 12:08 ducatore

It depends on your requirements. If you only need the environment variables to be seen by the CLI (the .check.ts files), then the following would work:

(source .env && npx checkly test)

If you need the environment variables to be seen by both the CLI and the check runtime, then you'd need something like this:

(source .env && npx checkly test --env-file=.env)

The parentheses are used to create a sub shell so that your actual shell environment is not changed.

sorccu avatar Aug 18 '25 14:08 sorccu

Oh you're right I can just source my file, thanks!

ducatore avatar Aug 18 '25 14:08 ducatore

I'll keep the issue open because I think this is something we want to change in the future.

sorccu avatar Aug 18 '25 14:08 sorccu

Linked to this issue, the environment variables defined in Checkly are available only to the check's runtime environment?

ducatore avatar Aug 19 '25 08:08 ducatore

Yes.

sorccu avatar Aug 19 '25 08:08 sorccu

Ok so is there a way to pass a secret to an alert channel? In my case, to set the Slack webhook url. (I mean when the tests are running inside Checkly)

ducatore avatar Aug 19 '25 09:08 ducatore

Not with SlackAlertChannel, but you should be able to use a WebhookAlertChannel modeled after https://www.checklyhq.com/docs/integrations/slack/#custom-slack-webhook-integration for the same result. Unlike the slack alert channel which requires a valid Slack URL to even save the alert channel, webhooks allow you to use variables in the URL field: https://www.checklyhq.com/docs/alerting-and-retries/webhooks/#using-variables. However, do note that it says:

Alerting configurations only support the use of environment variables, secrets are not supported.

sorccu avatar Aug 19 '25 09:08 sorccu

Ok, thanks for your help 🙏

ducatore avatar Aug 19 '25 09:08 ducatore