Is your feature request related to a problem? Please describe.
No, it is more of a limitation I would say (or maybe more like missing a little bit of sugar :) ).
Describe the solution you'd like
Not sure if I am the only one trying to inject a single key from a JSON based secret value with spring-cloud-gcp-secret-manager, but it would be great!
Let's say for example a new form that looks like this is added:
sm://<secret-id>/json/<JSONPath>
This could allow someone to pick a single value from let's say this JSON:
Content of my-database's secret within Secret Manager:
Describe alternatives you've considered
The example I gave above is really simplified and can be avoided by creating two secrets within the Secret Manager, but when you are dealing with many services you end up with a ton of secrets holding single values that, in the end, relate to only one service. Plus, if multiple values must be changed at the same time, new versions must be added to a lot of secrets instead of just one. Here's an example with a Kafka service:
a single JSON based secret (my-kafka):
{
  "bootstrap-servers": "server-a:1234,server-b:1234",
  "trust-store-certificates": "MY CERT 1",
  "key-store-certificate-chain": "MY CERT 2",
  "key-store-key": "MY KEY",
  "schema-registry-url": "http://schema:1234",
  "schema-registry-username": "user",
  "schema-registry-password": "very-secret"
}
a bunch of secrets:
my-kafka-bootstrap-servers: server-a:1234,server-b:1234
my-kafka-trust-store-certificates: MY CERT 1
my-kafka-key-store-certificate-chain: MY CERT 2
my-kafka-key-store-key: MY KEY
my-kafka-schema-registry-url: http://schema:1234
my-kafka-schema-registry-username: user
my-kafka-schema-registry-password: very-secret
Additional context
This feature request came to me since I am using the ExternalSecrets operator (https://external-secrets.io/latest/) for Kubernetes clusters, and it supports that kind of stuff with the Secret Manager:
@thecanadianroot This seems more like a feature request for Spring Boot. We simply provide an external config data source implementation. The feature request would make sense for any external configuration source. So, would you raise this FR in the spring-boot project instead?
If this feature might be considered, I could maybe lend a hand
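The `sm://<secret-id>/json/<JSONPath>` form proposed in the feature request, as an added Java example that is not code from the issue or from spring-cloud-gcp. The class `JsonSecretRef` and its methods are hypothetical, Jackson is assumed to be on the classpath, only a top-level key is handled rather than full JSONPath, and the payload is a constructed, shortened copy of the `my-kafka` secret.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;

/** Hypothetical resolver for the proposed sm://<secret-id>/json/<key> form (Java 17+). */
public class JsonSecretRef {
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private static final String SCHEME = "sm://";
    private static final String MARKER = "/json/";

    record Ref(String secretId, String key) {}

    /** Splits the reference into secret id and key; rejects anything malformed. */
    static Ref parse(String uri) {
        int i = uri.indexOf(MARKER);
        if (!uri.startsWith(SCHEME) || i <= SCHEME.length() || i + MARKER.length() == uri.length()) {
            throw new IllegalArgumentException("expected sm://<secret-id>/json/<key>");
        }
        return new Ref(uri.substring(SCHEME.length(), i), uri.substring(i + MARKER.length()));
    }

    /** Returns the scalar stored under key, failing closed without echoing the payload. */
    static String extract(String payload, String key) {
        JsonNode root;
        try {
            root = MAPPER.readTree(payload);
        } catch (IOException e) {
            // Parser messages can quote the input, so the cause is deliberately not chained.
            throw new IllegalStateException("secret payload is not valid JSON");
        }
        JsonNode node = (root == null) ? null : root.get(key);
        if (node == null || node.isNull() || !node.isValueNode()) {
            throw new IllegalStateException("key '" + key + "' is missing or not a scalar");
        }
        return node.asText();
    }

    public static void main(String[] args) {
        // Constructed payload: a shortened copy of the issue's my-kafka secret.
        String payload = """
            {"bootstrap-servers": "server-a:1234,server-b:1234",
             "schema-registry-username": "user",
             "schema-registry-password": "very-secret"}""";
        Ref ref = parse("sm://my-kafka/json/schema-registry-password");
        String value = extract(payload, ref.key());
        // Report that resolution worked without printing the secret itself.
        System.out.println(ref.secretId() + "/" + ref.key() + ": " + value.length() + " chars");
    }
}
```

A missing key or a nested object raises an exception here instead of resolving to an empty string, so a typo in the reference surfaces at startup and not as a blank credential.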