-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(config): support loading secrets from files and directories #21282
base: master
Are you sure you want to change the base?
Conversation
fc34ad1
to
e293fce
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies @tie ! This one fell off my radar. I found it again skimming open PRs. This looks like a great addition. I appreciate you adding the behavior tests.
Could you add a changelog fragment here? I attempted to, but I'm not able to push to this branch. You can apply this diff: ffbf204849 - (HEAD -> tie/master) add changelog entry (32 seconds ago) <Jesse Szwedko>
diff --git a/changelog.d/add-file-secrets.enhancement.md b/changelog.d/add-file-secrets.enhancement.md
new file mode 100644
index 0000000000..6c80fe8540
--- /dev/null
+++ b/changelog.d/add-file-secrets.enhancement.md
@@ -0,0 +1,4 @@
+Vector now supports two additional back-ends for loading secrets: `file`, for leading a set of
+secrets from a JSON file, and `directory`, for loading secrets from a list of files.
+
+authors: tie |
This change allows loading secrets from files in directories. In particular, this is useful for loading secrets from systemd credentials directory (see https://systemd.io/CREDENTIALS) and similar mechanisms.
@jszwedko, done. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
This change adds a secrets backend that retrieves secrets from files and directories. For example, this is useful for loading secrets from systemd credentials directory and similar mechanisms.
E.g.
SECRET[systemd_credentials.password.txt]
→$CREDENTIALS_DIRECTORY/password.txt
Closes #20747
References: