New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Single property support for JSON based values of GCP Secret Manager integration #40056
Comments
Thanks for the proposal, @thecanadianroot. I'm afraid I disagree with @meltsufin here as I think this should be implemented alongside the support for We do have Perhaps there's an opportunity for some lower-level helper classes in Spring Boot that can establish some conventions for extracting a single value from some JSON and assigning it to a property or mapping a whole JSON document to configuration properties but I think we'd need to see multiple implementations doing similar things before we'd be in a position where it made sense to add such functionality to Boot. |
@wilkinsona Thanks for the feedback. Cloud Secret Manager doesn't have any JSON format. It simply allows storage and retrieval of secrets of type |
Thanks, @meltsufin. I'll close this one for now then. If this becomes something of a theme and we see the same requirement from other areas we can look at adding some common infrastructure to Spring Boot at that point. |
Enhancement feature request
This is an enhancement feature request that I've previously opened for GoogleCloudPlatform/spring-cloud-gcp and it was suggested to me that I open this feature request here instead.
Describe the solution you'd like
Not sure if I am the only one trying to inject a single key from a JSON based secret value with spring-cloud-gcp-secret-manager, but it would be great!
Let's say for example a new form that looks like this is added:
sm://<secret-id>/json/<JSONPath>
This could allow someone to pick a single value from let's say this JSON:
Content of
my-database
's secret within Secret Manager:Usage within Spring's application.yaml:
Describe alternatives you've considered
The example I gave above is really simplified and can be avoided by creating two secrets within the Secret Manager, but when you are dealing with many services you end up with a ton of secrets holding single values that, in the end, relates to only one service. Plus, if multiple values must be changed at the same time, new versions must be added to a lot of secrets instead of just one. Here's an example with a Kafka service:
Additional context
This feature request came to me since I am using the ExternalSecrets operator (https://external-secrets.io/latest/) for Kubernetes clusters, and it supports that kind of stuff with the Secret Manager:
Is this a feature that could be beneficial for the project? I'd like to think so. Feel free to ask me other questions if needed!
The text was updated successfully, but these errors were encountered: