Add EIP 0038: secret registry for data-integration templates#107
Open
zmstone wants to merge 1 commit into
Open
Add EIP 0038: secret registry for data-integration templates#107zmstone wants to merge 1 commit into
zmstone wants to merge 1 commit into
Conversation
savonarola
reviewed
May 28, 2026
|
|
||
| * `emqx_template` (the main template renderer used by HTTP bridge | ||
| headers, URLs, bodies, and by `emqx_auth_http_utils`). | ||
| * `emqx_placeholder` (the legacy placeholder substitutor used in |
Contributor
There was a problem hiding this comment.
Maybe it makes sence in v7 to
- get rid of legacy templating
- make a more or less frormal spec for the template syntax
We have another tasks requiring templating changes, e.g. support of table name interpolation, so it would be nice to reduce adhoc changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Introduces a cluster-wide secret registry application that stores named byte strings, exposes a management HTTP API gated under the existing
data_integrationAPI-key scope, and surfaces values to consumers through three access paths matched to the shape of each consumer:$secret{<name>}placeholder for template-rendered output (HTTP bridge headers / URLs / bodies, authn / authz HTTP request templates) — log-channel-safe; the placeholder is preserved verbatim in every trace / debug path while the wire sees the substituted value.get_secret('<name>')rule SQL function as an escape hatch for cases where the secret value must participate in a SQL expression (HMAC signing, multi-input composition). Documented to leak through rule trace output when tracing is enabled — used sparingly.secret://<name>URI for HOCON secret-typed fields (action / source / connector passwords and API tokens). Slots into the existingemqx_schema_secret/emqx_secret_loader/emqx_utils_redactplumbing as a parallel clause tofile://.Targets EMQX v7.
Read-back via the management API returns metadata only — the stored byte string never leaves the broker except through one of the three resolution paths above. Backup / export excludes the registry by default.
Non-goals for v1: encryption at rest with broker-managed master key (defer to filesystem encryption), external secret-broker integration (Vault, AWS Secrets Manager), and automatic rotation / TTL.
Declined alternatives documented in the EIP: rule function as the only access surface, encryption at rest, external broker integration, returning the value via GET, TTL / auto-rotation, and allowing the placeholder in MQTT topics / payloads.