Skip to content

feat: add secret_key config, deprecate personal_api_key#727

Open
turnipdabeets wants to merge 4 commits into
mainfrom
rename-personal-api-key-to-secret-key
Open

feat: add secret_key config, deprecate personal_api_key#727
turnipdabeets wants to merge 4 commits into
mainfrom
rename-personal-api-key-to-secret-key

Conversation

@turnipdabeets

Copy link
Copy Markdown
Contributor

Problem

The credential used for local feature flag evaluation and remote config accepts either a Personal API Key (phx_...) or a Project Secret API Key (phs_...), but the config field is named personal_api_key. Passing a project secret key to a field called "personal api key" is confusing now that project secret keys exist.

Change

  • Add secret_key as the canonical config field — accepts a Personal API Key or a Project Secret API Key.
  • Keep personal_api_key as a deprecated alias that resolves into secret_key. Non-breaking: existing code keeps working and gets a DeprecationWarning.
  • Prefer secret_key when both are provided.
  • Update docstrings and user-facing error messages to reference secret_key.

Context

From the Slack discussion + PostHog/posthog-js#4046. This covers the rename only. The other two items from that thread — making flag refresh opt-in, and a config to enable/disable local eval independent of the env var — are separate.

Part of a coordinated rename across the backend SDKs (python, node, php, ruby, go, dotnet, rs).

@greptile-apps

greptile-apps Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Comments Outside Diff (1)

  1. posthog/test/test_client.py, line 69-79 (link)

    P1 This existing test still passes personal_api_key to the constructor without wrapping it in assertWarns(DeprecationWarning). The PR's deprecation logic fires the warning whenever personal_api_key is not None and secret_key is None, which is exactly this call's shape. Any CI run with -W error::DeprecationWarning (or filterwarnings = error in pytest.ini) will fail this test. The simplest fix is to migrate the test to use secret_key directly, which is the canonical param being introduced here.

Reviews (1): Last reviewed commit: "feat: add secret_key config, deprecate p..." | Re-trigger Greptile

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

posthog-python Compliance Report

Date: 2026-07-02 16:43:01 UTC
Duration: 176690ms

✅ All Tests Passed!

46/46 tests passed


Capture Tests

29/29 tests passed

View Details
Test Status Duration
Format Validation.Event Has Required Fields 517ms
Format Validation.Event Has Uuid 1507ms
Format Validation.Event Has Lib Properties 1507ms
Format Validation.Distinct Id Is String 1507ms
Format Validation.Token Is Present 1506ms
Format Validation.Custom Properties Preserved 1507ms
Format Validation.Event Has Timestamp 1506ms
Retry Behavior.Retries On 503 9516ms
Retry Behavior.Does Not Retry On 400 3506ms
Retry Behavior.Does Not Retry On 401 3510ms
Retry Behavior.Respects Retry After Header 9513ms
Retry Behavior.Implements Backoff 23517ms
Retry Behavior.Retries On 500 7016ms
Retry Behavior.Retries On 502 7511ms
Retry Behavior.Retries On 504 7507ms
Retry Behavior.Max Retries Respected 23532ms
Deduplication.Generates Unique Uuids 1496ms
Deduplication.Preserves Uuid On Retry 7515ms
Deduplication.Preserves Uuid And Timestamp On Retry 14520ms
Deduplication.Preserves Uuid And Timestamp On Batch Retry 7504ms
Deduplication.No Duplicate Events In Batch 1508ms
Deduplication.Different Events Have Different Uuids 1506ms
Compression.Sends Gzip When Enabled 1507ms
Batch Format.Uses Proper Batch Structure 1507ms
Batch Format.Flush With No Events Sends Nothing 1005ms
Batch Format.Multiple Events Batched Together 1505ms
Error Handling.Does Not Retry On 403 3509ms
Error Handling.Does Not Retry On 413 3508ms
Error Handling.Retries On 408 7513ms

Feature_Flags Tests

17/17 tests passed

View Details
Test Status Duration
Request Payload.Request With Person Properties Device Id 1003ms
Request Payload.Flags Request Uses V2 Query Param 1007ms
Request Payload.Flags Request Hits Flags Path Not Decide 1006ms
Request Payload.Flags Request Omits Authorization Header 1006ms
Request Payload.Token In Flags Body Matches Init 1006ms
Request Payload.Groups Round Trip 1006ms
Request Payload.Groups Default To Empty Object 1007ms
Request Payload.Disable Geoip False Propagates As Geoip Disable False 1006ms
Request Payload.Disable Geoip Omitted Defaults To False 1006ms
Request Payload.Flag Keys To Evaluate Contains Only Requested Key 1007ms
Request Lifecycle.No Flags Request On Init Alone 503ms
Request Lifecycle.No Flags Request On Normal Capture 1509ms
Request Lifecycle.Two Flag Calls Produce Two Remote Requests 1010ms
Request Lifecycle.Mock Response Value Is Returned To Caller 1002ms
Retry Behavior.Retries Flags On 502 1006ms
Retry Behavior.Retries Flags On 504 1006ms
Side Effect Events.Get Feature Flag Captures Feature Flag Called Event 1508ms

Comment thread posthog/test/test_client.py Outdated
The local feature flag / remote config credential now accepts either a
Personal API Key or a Project Secret API Key, so the field is renamed to
secret_key. personal_api_key is kept as a deprecated alias that resolves
into secret_key, with a DeprecationWarning, so existing code keeps working.
- Regenerate public API snapshot for the new secret_key field
- Update the unauthorized-error test to assert secret_key
- Collapse the three secret_key tests into one parameterized table
- ruff format
…ey-to-secret-key

# Conflicts:
#	references/public_api_snapshot.txt
Second assertion (in test_feature_flags) still pinned the old
personal_api_key wording after the message was renamed to secret_key.
@turnipdabeets turnipdabeets marked this pull request as ready for review July 2, 2026 17:19
@turnipdabeets turnipdabeets requested a review from a team as a code owner July 2, 2026 17:19
@greptile-apps

greptile-apps Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Reviews (2): Last reviewed commit: "test: assert secret_key in wrong-key err..." | Re-trigger Greptile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant