Skip to content

Add AWS password secret parser plugin#164

Merged
Areson merged 3 commits into
mainfrom
ioberst/aws-secret-plugin
Jun 5, 2026
Merged

Add AWS password secret parser plugin#164
Areson merged 3 commits into
mainfrom
ioberst/aws-secret-plugin

Conversation

@Areson
Copy link
Copy Markdown
Collaborator

@Areson Areson commented Jun 3, 2026
edited
Loading

Why

Blip currently supports only the default RDS JSON shape for AWS Secrets Manager password payloads, so embedders with custom secret formats need to replace the whole DB factory to customize credential parsing.

What

  • Add Plugins.ParsePasswordSecret for mapping raw SecretString or SecretBinary bytes onto blip.Secret
  • Keep aws.Secret.GetSecret source-compatible and add GetSecretPayload for raw secret bytes
  • Use the parser in the Secrets Manager credential reload path while preserving default username/password behavior
  • Add parser and credential-path tests, and update AWS/config/integration docs

References

Validated with:

go test ./... -run 'TestDefaultPasswordSecretParser|TestPasswordSecretCredentialFunc|^$'

@Areson Areson marked this pull request as ready for review June 3, 2026 22:20
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented Jun 3, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@Areson Areson force-pushed the ioberst/aws-secret-plugin branch from 85dc6b5 to 0cadce1 Compare June 3, 2026 22:36
daniel-nichter
daniel-nichter reviewed Jun 4, 2026
View reviewed changes
Comment thread dbconn/factory.go Outdated
daniel-nichter
daniel-nichter reviewed Jun 4, 2026
View reviewed changes
Comment thread blip.go Outdated
daniel-nichter
daniel-nichter approved these changes Jun 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@daniel-nichter daniel-nichter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:stamp:

...

Wait a minute! I don't work for you any longer! :-D

/me goes back to chopping wood

@Areson
Copy link
Copy Markdown
Collaborator Author

Areson commented Jun 5, 2026

/me goes back to chopping wood

Thanks for the stamp Hemingway!

@Areson Areson merged commit 09de0f2 into main Jun 5, 2026
5 checks passed
@Areson Areson deleted the ioberst/aws-secret-plugin branch June 5, 2026 16:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JashLal JashLal JashLal approved these changes

+1 more reviewer

@daniel-nichter daniel-nichter daniel-nichter approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Areson @github-advanced-security @daniel-nichter @JashLal