StackStorm · m4dcoder · Jun 26, 2019 · Jun 11, 2019 · Jun 20, 2019 · Jun 25, 2019
diff --git a/st2api/st2api/controllers/v1/pack_configs.py b/st2api/st2api/controllers/v1/pack_configs.py
@@ -107,6 +107,8 @@ def put(self, pack_config_content, pack_ref, requester_user, show_secrets=False)
             config_api.validate(validate_against_schema=True)
         except jsonschema.ValidationError as e:
             raise ValueValidationException(six.text_type(e))
+        except ValueValidationException as e:
+            raise ValueValidationException(six.text_type(e))
 
         self._dump_config_to_disk(config_api)
 

diff --git a/st2common/st2common/util/pack.py b/st2common/st2common/util/pack.py
@@ -25,6 +25,8 @@
 from st2common.constants.pack import PACK_REF_WHITELIST_REGEX
 from st2common.content.loader import MetaLoader
 from st2common.persistence.pack import Pack
+from st2common.exceptions.apivalidation import ValueValidationException
+from st2common.util import jinja as jinja_utils
 
 __all__ = [
     'get_pack_ref_from_metadata',
@@ -102,6 +104,13 @@ def validate_config_against_schema(config_schema, config_object, config_path,
 
     pack_name = pack_name or 'unknown'
 
+    for key in config_object:
+        if (jinja_utils.is_jinja_expression(value=config_object.get(key)) and
+                "decrypt_kv" in config_object.get(key) and config_schema.get(key).get('secret')):
+            raise ValueValidationException('Validation Error: decrypt_kv jinja filter'
+                                           ' specified for auto decrypted fields marked'
+                                           ' with `secret: True`')
+
     schema = util_schema.get_schema_for_resource_parameters(parameters_schema=config_schema,
                                                             allow_additional_properties=True)
     instance = config_object