=========================== SecretManagerConfigProvider =========================== .. code-block:: text com.github.jcustenborder.kafka.config.gcloud.SecretManagerConfigProvider This config provider is used to retrieve secrets from the Google Cloud Secret Manager service. .. TIP:: Config providers can be used with anything that supports the AbstractConfig base class that is shipped with Apache Kafka. ------------ Secret Value ------------ The value for the secret must be formatted as a JSON object. This allows multiple keys of data to be stored in a single secret. The name of the secret in Google Cloud Secret Manager will correspond to the path that is requested by the config provider. .. code-block:: json :caption: Example Secret Value { "username" : "${secretManager:secret/test/some/connector:username}", "password" : "${secretManager:secret/test/some/connector:password}" } ---------------- Secret Retrieval ---------------- The ConfigProvider will use the name of the secret and the project id to build the Resource ID for the secret. For example assuming you configured the ConfigProvider with `config.providers.secretsManager.param.project.id=1234` and requested the secret with `${secretsManager:test-secret}`, the ConfigProvider will build a Resource ID of `projects/1234/secrets/test-secret/versions/latest`. Some behaviors can be overridden by query string parameters. More than one query string parameter can be used. For example `${secretsManager:test-secret?ttl=30000&version=1}` +-----------+------------------------------------------------+--------------------------------------------------------------------------+------------------------------------------------+ | Parameter | Description | Default | Example | +===========+================================================+==========================================================================+================================================+ | ttl | Used to override the TTL for the secret. | Value specified by `config.providers.secretsManager.param.secret.ttl.ms` | `${secretsManager:test-secret?ttl=60000}` | +-----------+------------------------------------------------+--------------------------------------------------------------------------+------------------------------------------------+ | version | Used to override the version of the secret. | latest | `${secretsManager:test-secret?version=1}` | +-----------+------------------------------------------------+--------------------------------------------------------------------------+------------------------------------------------+ | projectid | Used to override the project id of the secret. | Value specified by `config.providers.secretsManager.param.project.id` | `${secretsManager:test-secret?projectid=4321}` | +-----------+------------------------------------------------+--------------------------------------------------------------------------+------------------------------------------------+ .. toctree:: :maxdepth: 1 :caption: Examples: :glob: examples/SecretManagerConfigProvider.* ------------- Configuration ------------- ^^^^^^^ General ^^^^^^^ """""""""" project.id """""""""" project.id **Importance:** HIGH **Type:** LONG """"""""""""""" credential.file """"""""""""""" credential.file **Importance:** HIGH **Type:** STRING """"""""""""""""" credential.inline """"""""""""""""" credential.inline **Importance:** HIGH **Type:** STRING """"""""""""""""""" credential.location """"""""""""""""""" asdfasdfasdfasd **Importance:** HIGH **Type:** STRING **Default Value:** ApplicationDefault **Validator:** Matches: ``ApplicationDefault``, ``File``, ``Inline`` """"""""""""" secret.prefix """"""""""""" Sets a prefix that will be added to all paths. For example you can use `staging` or `production` and all of the calls to Secrets Manager will be prefixed with that path. This allows the same configuration settings to be used across multiple environments. **Importance:** LOW **Type:** STRING """"""""""""" secret.ttl.ms """"""""""""" The minimum amount of time that a secret should be used. After this TTL has expired Secrets Manager will be queried again in case there is an updated configuration. **Importance:** LOW **Type:** LONG **Default Value:** 300000 **Validator:** [1000,...]