feat(config): support loading secrets from files and directories #21282

Open
wants to merge 4 commits into
base: master

@tie tie commented Sep 12, 2024

This change adds a secrets backend that retrieves secrets from files and directories. For example, this is useful for loading secrets from the systemd credentials directory and similar mechanisms.
E.g.

[secret.systemd_credentials]
type = "directory"
path = "$CREDENTIALS_DIRECTORY"
remove_trailing_whitespace = true

SECRET[systemd_credentials.password.txt] -> $CREDENTIALS_DIRECTORY/password.txt

Closes #20747

References:
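As an added illustration (not Vector's implementation and not code from this PR), the sketch below models how a `directory` backend could resolve the `SECRET[systemd_credentials.password.txt]` reference from the example above, including the `remove_trailing_whitespace` option. The `DirectorySecrets` type, `split_reference`, the key validation and the sample secret value are assumptions made for the example.

```rust
use std::ffi::OsStr;
use std::fs;
use std::io::{Error, ErrorKind, Result};
use std::path::{Path, PathBuf};

/// Hypothetical model of a `type = "directory"` backend (not Vector's code).
pub struct DirectorySecrets {
    pub path: PathBuf,
    pub remove_trailing_whitespace: bool,
}

/// Split `SECRET[backend.key]` at the first dot, as in the example above:
/// `SECRET[systemd_credentials.password.txt]` -> ("systemd_credentials", "password.txt").
pub fn split_reference(reference: &str) -> Option<(&str, &str)> {
    reference
        .strip_prefix("SECRET[")?
        .strip_suffix(']')?
        .split_once('.')
}

impl DirectorySecrets {
    /// Read `<path>/<key>`, refusing keys that are not a plain file name.
    pub fn get(&self, key: &str) -> Result<String> {
        // "..", "a/b", "/etc/passwd", "" and "." all fail this comparison,
        // so a key can never name a path outside `self.path`.
        if Path::new(key).file_name() != Some(OsStr::new(key)) {
            return Err(Error::new(ErrorKind::InvalidInput, "invalid secret key"));
        }
        let mut value = fs::read_to_string(self.path.join(key))?;
        if self.remove_trailing_whitespace {
            // Files written with `echo` end in "\n"; strip it so the newline
            // does not become part of the credential.
            value.truncate(value.trim_end().len());
        }
        Ok(value)
    }
}

fn main() -> Result<()> {
    // Constructed sample: a temp directory stands in for $CREDENTIALS_DIRECTORY.
    let dir = std::env::temp_dir().join("example_credentials_dir");
    fs::create_dir_all(&dir)?;
    fs::write(dir.join("password.txt"), "hunter2\n")?;
    let backend = DirectorySecrets { path: dir, remove_trailing_whitespace: true };
    let (name, key) = split_reference("SECRET[systemd_credentials.password.txt]").unwrap();
    println!("{}: {:?}", name, backend.get(key)?);
    Ok(())
}
```

The file-name check only constrains the key string; a symlink placed inside the directory is still followed, so the directory itself has to be writable only by a trusted party.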


bits-bot commented Sep 12, 2024

CLA assistant check
All committers have signed the CLA.

@github-actions github-actions bot added the domain: external docs Anything related to Vector's external, public documentation label Sep 12, 2024
@tie tie force-pushed the master branch 2 times, most recently from fc34ad1 to e293fce Compare September 12, 2024 14:22
@tie tie marked this pull request as ready for review September 12, 2024 14:34
@tie tie requested review from a team as code owners September 12, 2024 14:34
Member

@jszwedko jszwedko left a comment


Apologies @tie! This one fell off my radar. I found it again skimming open PRs. This looks like a great addition. I appreciate you adding the behavior tests.

@jszwedko
Member

Could you add a changelog fragment here? I attempted to, but I'm not able to push to this branch. You can apply this diff:

ffbf204849 - (HEAD -> tie/master) add changelog entry (32 seconds ago) <Jesse Szwedko>
diff --git a/changelog.d/add-file-secrets.enhancement.md b/changelog.d/add-file-secrets.enhancement.md
new file mode 100644
index 0000000000..6c80fe8540
--- /dev/null
+++ b/changelog.d/add-file-secrets.enhancement.md
@@ -0,0 +1,4 @@
+Vector now supports two additional back-ends for loading secrets: `file`, for leading a set of
+secrets from a JSON file, and `directory`, for loading secrets from a list of files.
+
+authors: tie
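Review bot: The first added line of changelog.d/add-file-secrets.enhancement.md has a typo: "for leading a set of secrets" should read "for loading a set of secrets". In the second added line, "from a list of files" does not match the PR description, which says the `directory` back-end reads secrets from files in a directory; consider "for loading secrets from the files in a directory" so readers do not expect to configure an explicit list of file paths.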

This change allows loading secrets from files in directories. In
particular, this is useful for loading secrets from the systemd credentials
directory (see https://systemd.io/CREDENTIALS) and similar mechanisms.
Author

tie commented Oct 15, 2024

@jszwedko, done.

Member

@jszwedko jszwedko left a comment


Thank you!

Labels
domain: external docs Anything related to Vector's external, public documentation
Development

Successfully merging this pull request may close these issues.

Support reading auth token from file
4 participants