add secret_key for getting secret value

[wangzz2019]

What does this PR do?

Described in issue #375
would like to add DD_API_KEY_SECRET_KEY for secret key setting

Motivation

would like to solve the issue soon

Testing Guidelines

Additional Notes

Types of changes

• Bug fix
• New feature
• Breaking change
• Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

• This PR's description is comprehensive
• This PR contains breaking changes that are documented in the description
• This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
• This PR impacts documentation, and it has been updated (or a ticket has been logged)
• This PR's changes are covered by the automated tests
• This PR collects user input/sensitive content into Datadog
• This PR passes the integration tests (ask a Datadog member to run the tests)
• This PR passes the unit tests
• This PR passes the installation tests (ask a Datadog member to run the tests)

[bryantbiggs]

SecretsManager can return plaintext, its not always json and for the forwarders I believe it is the plaintext that is used so this would fail

[wangzz2019]

Yes, secretstring is a plaintext as string

>>> import json
>>> s='{"secret_key":"apikey"}'
>>> print(s)
{"secret_key":"apikey"}
>>> print(json.loads(s)["secret_key"])
apikey

[bryantbiggs]

sorry, what I meant to say is that the value stored in SecretsManager is just the API key itself like 'xxxxxxxxxxxx' which means this would break for everyone who has it setup this way

[wangzz2019]

Oh, Yes, agree with you bryanbigs.
If so, at least we should provide an options for people who used secret_key

[tianchu]

@wangzz2019

If so, at least we should provide an options for people who used secret_key

Does any AWS or Datadog doc lead you to storing the api key in the {"secret_key":"apikey"} JSON format, instead of in the plain-text/string format?

[wangzz2019]

@tianchu
There is nothing mentioned in our docs, but here is the AWS documents:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html

Specify the details of your custom secret as Key and Value pairs. For example, you can specify a key of UserName, and then supply the appropriate user name as the value. Add a second key with the name of Password and the password text as the value. You could also add entries for Database name, Server address, TCP port, and so on. You can add as many pairs as you need to store the information you require.

Alternatively, you can choose the Plaintext tab and enter the secret value in any format.

Key Value pairs is the default options on console.
If we only support plaintext, it is better to mention it in our docs

[tianchu]

Closing this PR, as I think it's better to update the doc, rather than giving users two options to store the api key in secrets manager, which may cause even more confusion in the future. See the PR for doc updates: #385