Cleanup of orphaned Secure Storage items when a monday-code app goes multi-region

When you switch on multi-region for monday-code, any data in Storage remains in the correct region, because it was already stored in the same region as the account instance, but for Secure Storage, this is not the case.

Secure Storage is not currently scoped to a particular account, so is all stored in a single place, which I’m guessing is the region of the account for the app developer (please confirm).

When you multi-region enable your app, there is some orphaning of Secure Storage values if the account ends up moving to hosting on a different region than US (assuming that’s the original region the app was hosted in).

We need to have a way to clean up these orphaned values in the US region. For vendors who are storing user tokens in Secure Storage, customers will potentially ask why they had to log in to external systems again. How do we explain that our apps can no longer access that data because it has been left behind in a different region?

I’ve really changed my mind on this.

It should rather be a seamless migration task provided by monday.com that takes the secure storage values for an account from the existing region and migrates it to the new/correct region.

Perhaps this is a process that could be triggered by the developer:

  1. Manually trigger a script to copy secure storage from region X to region Y for a list of account ids or secure storage keys
  2. Enable multi-region
  3. Manually trigger a script to delete secure storage from region X for a list of account ids or secure storage keys

Otherwise, the app developer will need to:

  1. Ask all their customers to delete everything in secure storage, e.g. user access tokens (provided that they have already built a way to do this).
  2. Publish a multi-region version of their app
  3. Tell all their customers that the update is complete and that they can reauth to get their user access tokens populated into the secure storage in the new region.

The former process would provide a better trust signal to customers, rather than the current potential for orphaned secure storage items.

I completely agree with David. There needs to be a migration path that does not involve the app developer having to attempt to design a manual migration.

Even using mapps storage:export for all installations would need work doing to import the data to the correct place and involve the app developer having to download a load of customer data for the migration. And same again for secure storage.
