Rotating db secrets picks up wrong branch

Help
,
1

Hey, after your security incident I am trying to rotate the database secrets.

  • I cannot manually edit the environment variables related to the neon integration
  • When following your guide I am advised to “reset password” in Neon. This does not update the env variables in Vercel
  • I then discovered the “rotate secrets” button. This “works”, but it picks up either the wrong database or the wrong branch
  • So I end up with what seems to always be the last db or branch that was created

The only way out of this mess you made I currently see is to nuke all branches and dbs except the production branch, then rotate secrets again.

How can this be so buggy? Aren’t you like a big hoster?

3

Ok, now the “rotate secrets” button disappeared and there is a Vercel incident again…

I cannot edit the DB connection values in the environment variables manually. And you pull the wrong ones automatically. This is a pretty big fuck up to just roll out to your users. Please fix this. I mean it’s cool to automate shit. But why the hell can I not edit these variables?

4

I now removed the connection completely and added it again. It picks up the completely wrong DATABASE_URL that is not present in any neon branch.

5

Hey,

when I click “Rotate Integration Secrets” for my Neon database, it does not pick up the main (default) branch connection strings, but the latest branch (dev). Since I cannot edit environment variables manually I am now stuck with a production deployment without a working database connection.

Please fix this.

6

Sorry for the delay here - did you manage to get this to work?

7

@pawlean I don’t see the rotate secrets button again? When will this be fixed?