Improve secret handling by logging missing secrets and deduplicating … (docker#95)

Roman Wu · web-flow · commit 8162aee48ee2 · 2025-08-22T17:45:27.000-07:00
* Improve secret handling by logging missing secrets and deduplicating secret names

* Refactor secret deduplication to use struct for improved memory efficiency
diff --git a/cmd/docker-mcp/internal/gateway/clientpool.go b/cmd/docker-mcp/internal/gateway/clientpool.go
@@ -272,6 +272,7 @@ func (cp *clientPool) argsAndEnv(serverConfig *catalog.ServerConfig, readOnly *b
 		if ok {
 			env = append(env, fmt.Sprintf("%s=%s", s.Env, secretValue))
 		} else {
+			logf("Warning: Secret '%s' not found for server '%s', setting %s=<UNKNOWN>", s.Name, serverConfig.Name, s.Env)
 			env = append(env, fmt.Sprintf("%s=%s", s.Env, "<UNKNOWN>"))
 		}
 	}
diff --git a/cmd/docker-mcp/internal/gateway/configuration.go b/cmd/docker-mcp/internal/gateway/configuration.go
@@ -392,7 +392,9 @@ func (c *FileBasedConfiguration) readToolsConfig(ctx context.Context) (config.To
 }
 
 func (c *FileBasedConfiguration) readDockerDesktopSecrets(ctx context.Context, servers map[string]catalog.Server, serverNames []string) (map[string]string, error) {
-	var secretNames []string
+	// Use a map to deduplicate secret names
+	uniqueSecretNames := make(map[string]struct{})
+
 	for _, serverName := range serverNames {
 		serverName := strings.TrimSpace(serverName)
 
@@ -402,14 +404,20 @@ func (c *FileBasedConfiguration) readDockerDesktopSecrets(ctx context.Context, s
 		}
 
 		for _, s := range serverSpec.Secrets {
-			secretNames = append(secretNames, s.Name)
+			uniqueSecretNames[s.Name] = struct{}{}
 		}
 	}
 
-	if len(secretNames) == 0 {
+	if len(uniqueSecretNames) == 0 {
 		return map[string]string{}, nil
 	}
 
+	// Convert map keys to slice
+	var secretNames []string
+	for name := range uniqueSecretNames {
+		secretNames = append(secretNames, name)
+	}
+
 	log("  - Reading secrets", secretNames)
 	secretsByName, err := c.docker.ReadSecrets(ctx, secretNames, true)
 	if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -272,6 +272,7 @@ func (cp clientPool) argsAndEnv(serverConfig catalog.ServerConfig, readOnly *b`
`272`	`272`	`if ok {`
`273`	`273`	`env = append(env, fmt.Sprintf("%s=%s", s.Env, secretValue))`
`274`	`274`	`} else {`
	`275`	`+ logf("Warning: Secret '%s' not found for server '%s', setting %s=<UNKNOWN>", s.Name, serverConfig.Name, s.Env)`
`275`	`276`	`env = append(env, fmt.Sprintf("%s=%s", s.Env, "<UNKNOWN>"))`
`276`	`277`	`}`
`277`	`278`	`}`
Original file line number	Diff line number	Diff line change
`@@ -392,7 +392,9 @@ func (c *FileBasedConfiguration) readToolsConfig(ctx context.Context) (config.To`
`392`	`392`	`}`
`393`	`393`
`394`	`394`	`func (c *FileBasedConfiguration) readDockerDesktopSecrets(ctx context.Context, servers map[string]catalog.Server, serverNames []string) (map[string]string, error) {`
`395`		`- var secretNames []string`
	`395`	`+ // Use a map to deduplicate secret names`
	`396`	`+ uniqueSecretNames := make(map[string]struct{})`
	`397`	`+`
`396`	`398`	`for _, serverName := range serverNames {`
`397`	`399`	`serverName := strings.TrimSpace(serverName)`
`398`	`400`
`@@ -402,14 +404,20 @@ func (c *FileBasedConfiguration) readDockerDesktopSecrets(ctx context.Context, s`
`402`	`404`	`}`
`403`	`405`
`404`	`406`	`for _, s := range serverSpec.Secrets {`
`405`		`- secretNames = append(secretNames, s.Name)`
	`407`	`+ uniqueSecretNames[s.Name] = struct{}{}`
`406`	`408`	`}`
`407`	`409`	`}`
`408`	`410`
`409`		`- if len(secretNames) == 0 {`
	`411`	`+ if len(uniqueSecretNames) == 0 {`
`410`	`412`	`return map[string]string{}, nil`
`411`	`413`	`}`
`412`	`414`
	`415`	`+ // Convert map keys to slice`
	`416`	`+ var secretNames []string`
	`417`	`+ for name := range uniqueSecretNames {`
	`418`	`+ secretNames = append(secretNames, name)`
	`419`	`+ }`
	`420`	`+`
`413`	`421`	`log(" - Reading secrets", secretNames)`
`414`	`422`	`secretsByName, err := c.docker.ReadSecrets(ctx, secretNames, true)`
`415`	`423`	`if err != nil {`