Update comment on secret reference handling

michalpristas · web-flow · commit 5ce7a6e450ee · 2025-09-24T15:29:38.000+02:00
Clarified comment regarding the handling of secret references in signed data.
diff --git a/internal/pkg/agent/application/actions/handlers/handler_action_migrate.go b/internal/pkg/agent/application/actions/handlers/handler_action_migrate.go
@@ -77,8 +77,8 @@ func (h *Migrate) Handle(ctx context.Context, a fleetapi.Action, ack acker.Acker
 		return err
 	}
 
-	// signed data contains secret reference in a form of $co.elastic.secret{secret_id}
-	// this is replaced by fleet server on serve
+	// signed data contains secret reference to the enrollment token so we extract the cleartext value 
+	// out of action.Data and replace it after unmarshalling the signed data into action.Data
 	// see: https://github.com/elastic/fleet-server/blob/22f1f7a0474080d3f56c7148a6505cff0957f549/internal/pkg/secret/secret.go#L75
 	enrollmentToken := action.Data.EnrollmentToken
 

Original file line number	Diff line number	Diff line change
`@@ -77,8 +77,8 @@ func (h *Migrate) Handle(ctx context.Context, a fleetapi.Action, ack acker.Acker`
`77`	`77`	`return err`
`78`	`78`	`}`
`79`	`79`
`80`		`- // signed data contains secret reference in a form of $co.elastic.secret{secret_id}`
`81`		`- // this is replaced by fleet server on serve`
	`80`	`+ // signed data contains secret reference to the enrollment token so we extract the cleartext value`
	`81`	`+ // out of action.Data and replace it after unmarshalling the signed data into action.Data`
`82`	`82`	`// see: https://github.com/elastic/fleet-server/blob/22f1f7a0474080d3f56c7148a6505cff0957f549/internal/pkg/secret/secret.go#L75`
`83`	`83`	`enrollmentToken := action.Data.EnrollmentToken`
`84`	`84`