feat(hubspot): add api_key_name support for Vault secret lookup by name#545
Merged
burmecia merged 3 commits intosupabase:mainfrom Jan 22, 2026
Merged
Conversation
## Summary Add `api_key_name` support to HubSpot FDW, enabling Vault secret lookup by name for environment-agnostic configuration. ### Infrastructure Changes (enables feature for all WASM FDWs) - Add `get-vault-secret-by-name` function to WIT interface (v1 and v2) - Implement host-side binding to call native `get_vault_secret_by_name` ### HubSpot FDW Changes - Add `api_key_name` option to HubSpot FDW authentication - Follow Stripe FDW implementation pattern - Update documentation with examples Fixes supabase#437
Add note explaining that HubSpot deprecated their legacy API Keys in November 2022 and that the api_key option accepts Private App Access Tokens, which is HubSpot's recommended authentication method. This helps address confusion reported in supabase#461.
2 tasks
- Remove `.cloned()` call on Option<String> (already owned) - Pass &key_id and &key_name to get_vault_secret functions (expects &str)
Member
|
Thanks @JohnCari for the PR! It's very cool feature 👍 , we will need a bit more time to do comprehensive testing on it. |
Contributor
Author
Member
not much at this moment, but if you have any good ideas just feel free to raise issue or PR. Thanks again for your excellent work! |
burmecia
approved these changes
Jan 22, 2026
DenisBessa
pushed a commit
to DenisBessa/wrappers
that referenced
this pull request
Mar 12, 2026
…me (supabase#545) * feat(hubspot): add api_key_name support for Vault secret lookup by name ## Summary Add `api_key_name` support to HubSpot FDW, enabling Vault secret lookup by name for environment-agnostic configuration. ### Infrastructure Changes (enables feature for all WASM FDWs) - Add `get-vault-secret-by-name` function to WIT interface (v1 and v2) - Implement host-side binding to call native `get_vault_secret_by_name` ### HubSpot FDW Changes - Add `api_key_name` option to HubSpot FDW authentication - Follow Stripe FDW implementation pattern - Update documentation with examples Fixes supabase#437 * docs(hubspot): clarify that api_key accepts Private App Access Token Add note explaining that HubSpot deprecated their legacy API Keys in November 2022 and that the api_key option accepts Private App Access Tokens, which is HubSpot's recommended authentication method. This helps address confusion reported in supabase#461. * fix: correct Rust type errors in api_key retrieval - Remove `.cloned()` call on Option<String> (already owned) - Pass &key_id and &key_name to get_vault_secret functions (expects &str)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add
api_key_namesupport to HubSpot FDW, enabling Vault secret lookup by name for environment-agnostic configuration.This PR includes the complete infrastructure to support
api_key_namein WASM-based FDWs:Infrastructure Changes (enables feature for all WASM FDWs)
get-vault-secret-by-namefunction to WIT interface (v1 and v2)get_vault_secret_by_nameHubSpot FDW Changes
api_key_nameoption to HubSpot FDW authenticationapi_keyaccepts Private App Access Tokens (HubSpot deprecated legacy API Keys in November 2022)Changes
wasm-wrappers/wit/v1/utils.witget-vault-secret-by-nameto WIT interfacewasm-wrappers/wit/v2/utils.witget-vault-secret-by-nameto WIT interfacewrappers/src/fdw/wasm_fdw/host/utils.rswasm-wrappers/fdw/hubspot_fdw/src/lib.rsapi_key_namesupportdocs/catalog/hubspot.mdTesting
api_keyandapi_key_idBenefits
Using
api_key_nameenables environment-agnostic configuration - the same SQL works across dev, staging, and production as long as each environment has a Vault secret with the same name.Fixes #437
Relates to #461 (adds documentation clarifying that
api_keyaccepts Private App Access Tokens, not the deprecated legacy API Keys)