I just realized that Marathon 1.5.8 returns all apps containing the secrets key even when this feature is not enabled.
This makes it hard to write generic transparent reverse proxies in front of Marathon API, that's because Marathon refuses to accept a JSON that it returned. One simple example is:
- Create an app using the UI (just to simplify, could be created via API call);
- GET this app, via /v2/apps/<app-id>;
- Change some values in this resulting JSON, for example cmd;
- do a PUT on /v2/apps/<app-id>.
Marathon refuses this PUT with this error:
If you edit this same JSON and just rename the secrets key to _secrets, Marathon accepts the request and correctly updates the desired app.
I didn't test other versions of Marathon but I believe that this problem exist since the first version with the secrets feature.