-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secret type to represent secrets and integrate with the secrets handling #1232
base: main
Are you sure you want to change the base?
Conversation
The type is What about supporting the existing types as secrets? Or at most maybe adding a wrapper e.g. Also please look into how Elytron does password encoding because it could be relevant. |
Yes, I was not too certain about the name, but the rationale was to keep it consistent with what we already have,
What do you mean? This only extends
We need the mapping generator to identify which elements are considered secrets. Either we provide a list of types for that case, or maybe we can make it work generically with a wrapper type. Let me see what I can do. |
} | ||
|
||
@Override | ||
public ConfigValue getValue(final ConfigSourceInterceptorContext context, final String name) { | ||
if (SecretKeys.isLocked() && secrets.contains(name)) { | ||
if (SecretKeys.isLocked() && secrets.contains(new PropertyName(name))) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Creating a new PropertyTime
every time getValue
is called may impact performance, perhaps consider iterating the Set
and comparing the name instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was to move forward with the implementation. I haven't profiled the code yet, but I am not too worried about it because when we are populating the config, the secrets are unlocked, but I'll have a look. Thanks!
I've moved We need to figure out how to handle the nested converters piece. I'm wondering if we should support nested converter creation automatically. |
//cc @sberyozkin @gsmet @yrodiere |
Adds a new wrapper type,
Secret<T>
, to represent a secret. When aSecret
is part of a mapping, the path is added to the Secrets interceptor, to not include the secret in property names or access the secret without callingSecretKeys.doUnlocked
.This is initial work to support more advanced scenarios around secrets, that we should discuss.