feat: support aws secret manager

[HuanXin-Chen]

Description

Many enterprises are utilizing cloud services from AWS and GCP, relying on the secret manager provided by these platforms to handle sensitive information. Integrating Apache APISIX with these secret managers can streamline the process of using sensitive information within APISIX, enabling users to manage and utilize cloud-stored sensitive data more conveniently, thus enhancing the overall security and usability of the system.

This PR has completed the support for AWS. It added the aws.lua file to the original secret module, allowing users to store their secret information on AWS using the same reference method as before.

Checklist

• I have explained the need for this PR and the problem it solves
• I have explained the changes or the new features added to this PR
• I have added tests corresponding to this change
• I have updated the documentation to reflect this change
• I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

[membphis]

LGTM, except minor code style issues

[membphis]

Just confirm, it will print a nil value in this test case?
And it will be considered as expected output, it make me little confused

I prefer this way:

if value then
    ngx.say("secret value: ", value)
end

ngx.say("all done")

[HuanXin-Chen]

fixed

[membphis]

if we need to reuse the function get, the current style is good.

In this code, we do not need to reuse function get, so _M.get is better to read and understand

[membphis]

LGTM

[kayx23]

Hi, following the doc to configure this plugin (configured the region, access_key_id, and secret_access_key), I am running into failed to retrtive data from aws secret manager unable to get local issuer certificate error:

[lua] secret.lua: fetch(): failed to fetch secret value: failed to retrtive data from aws secret manager: SecretsManager:getSecretValue() failed to connect to 'https://secretsmanager.ap-southeast-2.amazonaws.com:443': 20: unable to get local issuer certificate, client: 192.168.65.1, server: _, request: "GET /anything HTTP/1.1", host: "127.0.0.1:9080"

Any suggestion?

[HuanXin-Chen]

Hi, following the doc to configure this plugin (configured the region, access_key_id, and secret_access_key), I am running into failed to retrtive data from aws secret manager unable to get local issuer certificate error:

[lua] secret.lua: fetch(): failed to fetch secret value: failed to retrtive data from aws secret manager: SecretsManager:getSecretValue() failed to connect to 'https://secretsmanager.ap-southeast-2.amazonaws.com:443': 20: unable to get local issuer certificate, client: 192.168.65.1, server: _, request: "GET /anything HTTP/1.1", host: "127.0.0.1:9080"

Any suggestion?

You need to install the CA certificate using the command: sudo apt-get install ca-certificates.

And then, make sure that APISIX has configured it with the following setting: ssl_trusted_certificate: /etc/ssl/certs/ca-certificates.crt.

[kayx23]

When I used Vault previously I didn't remember having to go through this setup (but again the vault instance is running locally in Docker). What attributed to this differences? 🤔

[HuanXin-Chen]

When I used Vault previously I didn't remember having to go through this setup (but again the vault instance is running locally in Docker). What attributed to this differences? 🤔

This is because HTTPS is different from HTTP.