[secret-manager]: Add in support for secret rotation date #1064

Merged
merged 5 commits into from
Aug 10, 2023

Conversation

willfarrell
Member

@willfarrell willfarrell commented Jun 9, 2023

@KillDozerX2 Can you give this a review and test? I don't personally use this service.

Adds in support for scheduled secret rotation.
Does not support manual secret rotation.

Closes: #1063

@willfarrell willfarrell self-assigned this Jun 9, 2023
@KillDozerX2
Contributor

Need some time for this.

@willfarrell
Member Author

No worries, no rush

@willfarrell
Member Author

@KillDozerX2 Just wanted to follow up on this.

Contributor

@KillDozerX2 KillDozerX2 left a comment

Just one more request: sometimes the secrets are rotated by an external process, which results in the NextRotationDate being invalid. Can we provide an option for such a situation that would allow us to use LastChangedDate + cacheExpiry?

@willfarrell
Member Author

willfarrell commented Jul 10, 2023

> Can we provide an option for such a situation that would allow us to use LastChangedDate + cacheExpiry

Is that not equivalent to setting the rotation schedule to equal cacheExpiry? If you're managing the rotation schedule yourself, I feel that would be out of scope for the core middy middlewares at this time.

@KillDozerX2
Contributor

> > Can we provide an option for such a situation that would allow us to use LastChangedDate + cacheExpiry
>
> Is that not equivalent to setting the rotation schedule to equal cacheExpiry? If you're managing the rotation schedule yourself, I feel that would be out of scope for the core middy middlewares at this time.

Let's say we update a secret every 30 minutes ourselves; we know that the secret has to be reset if cacheExpiry + LastUpdateTime is greater than 30 minutes. This is a real scenario and unfortunately we can't make everybody change the way they do things.

@willfarrell
Member Author

Apologies on the delay. I've updated to better support when cacheExpiry is set, allowing the secret to refresh before the rotation window. If you can do another review, I'll get this merged and released.
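
The refresh behaviour discussed in this thread, sketched as an added example; it is not middy's implementation and not code from this pull request. The function name `refreshDeadline`, the `cacheExpiry` semantics noted in the comments, and the fallback that aligns the cache lifetime to `LastChangedDate` are assumptions; the field names follow the AWS Secrets Manager `DescribeSecret` response.

```javascript
// Added illustration, not middy's code. Field names follow the AWS Secrets
// Manager DescribeSecret response; the refresh policy is an assumption.
function toMs (d) {
  const t = d instanceof Date ? d.getTime() : Date.parse(d)
  return Number.isFinite(t) ? t : undefined
}

// Epoch-ms time at which a cached secret value must be fetched again.
// cacheExpiry (assumed semantics): ms to keep a value, 0 = do not cache,
// -1 = no time-based expiry.
function refreshDeadline ({ now, cacheExpiry, describe = {} }) {
  if (cacheExpiry === 0) return now
  const ttlDeadline = cacheExpiry > 0 ? now + cacheExpiry : Infinity
  const nextRotation = toMs(describe.NextRotationDate)
  const lastChanged = toMs(describe.LastChangedDate)

  // Scheduled rotation still ahead: never hold the value past it, and let a
  // shorter cacheExpiry refresh before the rotation window.
  if (nextRotation !== undefined && nextRotation > now) {
    return Math.min(ttlDeadline, nextRotation)
  }
  // NextRotationDate missing or already past (for example the secret is
  // rotated by an external process): align the TTL to LastChangedDate so the
  // cache expires on the external cadence instead of drifting from "now".
  if (lastChanged !== undefined && lastChanged <= now && cacheExpiry > 0) {
    const periods = Math.floor((now - lastChanged) / cacheExpiry) + 1
    return lastChanged + periods * cacheExpiry
  }
  return ttlDeadline
}

// Constructed sample metadata (not taken from the pull request).
const MIN = 60 * 1000
const now = Date.parse('2023-08-10T12:00:00Z')
const scheduled = { NextRotationDate: new Date('2023-08-10T12:05:00Z') }
const external = {
  NextRotationDate: '2023-08-01T00:00:00Z', // stale: rotation happens elsewhere
  LastChangedDate: '2023-08-10T11:50:00Z'
}
console.log(new Date(refreshDeadline({ now, cacheExpiry: 15 * MIN, describe: scheduled })).toISOString())
console.log(new Date(refreshDeadline({ now, cacheExpiry: 30 * MIN, describe: external })).toISOString())
```

With a plain `now + cacheExpiry` lifetime, the externally rotated sample would be held until 12:30, ten minutes past the next external change; aligning to `LastChangedDate` ends the cache entry at 12:20.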

Contributor

@KillDozerX2 KillDozerX2 left a comment

This is Good! Thank you ❤️

@willfarrell willfarrell merged commit b2d70e8 into main Aug 10, 2023
9 checks passed
@willfarrell willfarrell deleted the feature/secret-manager-rotation branch August 10, 2023 12:03
mergify bot referenced this pull request in SvenKirschbaum/share.kirschbaum.cloud Aug 13, 2023

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@middy/core](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fcore/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fcore/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fcore/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fcore/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fcore/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/error-logger](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2ferror-logger/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2ferror-logger/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2ferror-logger/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2ferror-logger/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2ferror-logger/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/http-content-negotiation](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fhttp-content-negotiation/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fhttp-content-negotiation/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fhttp-content-negotiation/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fhttp-content-negotiation/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fhttp-content-negotiation/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/http-error-handler](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fhttp-error-handler/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fhttp-error-handler/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fhttp-error-handler/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fhttp-error-handler/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fhttp-error-handler/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/http-header-normalizer](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fhttp-header-normalizer/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fhttp-header-normalizer/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fhttp-header-normalizer/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fhttp-header-normalizer/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fhttp-header-normalizer/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/http-json-body-parser](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fhttp-json-body-parser/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fhttp-json-body-parser/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fhttp-json-body-parser/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fhttp-json-body-parser/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fhttp-json-body-parser/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/http-response-serializer](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fhttp-response-serializer/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fhttp-response-serializer/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fhttp-response-serializer/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fhttp-response-serializer/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fhttp-response-serializer/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/validator](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fvalidator/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fvalidator/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fvalidator/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fvalidator/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fvalidator/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>middyjs/middy (@middy/core)</summary>

### [`v4.6.0`](https://togithub.com/middyjs/middy/releases/tag/4.6.0)

[Compare Source](https://togithub.com/middyjs/middy/compare/4.5.5...4.6.0)

##### What's Changed

-   \[secret-manager]: Add in support for secret rotation date by [@KillDozerX2](https://togithub.com/KillDozerX2) in [https://github.com/middyjs/middy/pull/1064](https://togithub.com/middyjs/middy/pull/1064)
-   docs: update `01-intro.md`'s `validator` usage by [@aqaengineering](https://togithub.com/aqaengineering) in [https://github.com/middyjs/middy/pull/1081](https://togithub.com/middyjs/middy/pull/1081)

##### New Contributors

-   [@aqaengineering](https://togithub.com/aqaengineering) made their first contribution in [https://github.com/middyjs/middy/pull/1081](https://togithub.com/middyjs/middy/pull/1081)

**Full Changelog**: middyjs/middy@4.5.5...4.6.0

</details>

mergify bot referenced this pull request in SvenKirschbaum/aws-utils Aug 13, 2023

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@middy/core](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fcore/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fcore/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fcore/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fcore/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fcore/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/error-logger](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2ferror-logger/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2ferror-logger/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2ferror-logger/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2ferror-logger/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2ferror-logger/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/http-error-handler](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fhttp-error-handler/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fhttp-error-handler/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fhttp-error-handler/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fhttp-error-handler/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fhttp-error-handler/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/http-header-normalizer](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fhttp-header-normalizer/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fhttp-header-normalizer/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fhttp-header-normalizer/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fhttp-header-normalizer/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fhttp-header-normalizer/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [@middy/http-response-serializer](https://middy.js.org) ([source](https://togithub.com/middyjs/middy)) | [`4.5.5` -> `4.6.0`](https://renovatebot.com/diffs/npm/@middy%2fhttp-response-serializer/4.5.5/4.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@middy%2fhttp-response-serializer/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@middy%2fhttp-response-serializer/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@middy%2fhttp-response-serializer/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@middy%2fhttp-response-serializer/4.5.5/4.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

Development

Successfully merging this pull request may close these issues.

[@middy/secrets-manager] Add conditional caching based on Rotation Window