Event 'secret-changed'

Event > List of events > Secret events > secret-changed

This feature is scheduled for release in ops 2.0, and is only available when using Juju 3.0.2 or greater.

The secret-changed event is fired on all units observing a secret after the owner of a secret has published a new revision for it. Upon receiving that event (or at any time after that) an observer can choose to:

  • Start tracking the latest revision (“refresh”)
  • Inspect the latest revision values, without tracking it just yet (“peek”)

Once all observers have stopped tracking a specific outdated revision, the owner will receive a secret-remove event to be notified of that fact, and can then remove that revision.

Emission sequence

Like all secret events, secret-changed is automatically triggered by Juju. It is up to the secret owner to create a new revision.

Scenario Example Code Resulting Events
Owner creates a new revision secret.set_content(<new_payload>) (all observers) secret-changed

Observing this event in ops

In the Python Operator Framework, you can observe the event like you would any other:

self.framework.observe(charm.on.secret_changed, self._on_secret_changed)

The SecretChangedEvent exposes no additional attributes on top of those it inherits from SecretEvent.

A typical implementation of _on_secret_changed might look like this:

def _on_secret_changed(self, event: SecretChangedEvent):
    secret = event.secret

    # validate latest revision's content (optional)
    new_content = secret.peek_content()
    if self._verify_that_password_works(new_content['password']):
        # start tracking the latest revision
        new_content = secret.get_content(refresh=True)
        self._reconfigure_workload_credentials(new_content)

Updated with the latest terminology and API changes, as well as various style tweaks.

1 Like