SecretManagerConfigProvider

com.github.jcustenborder.kafka.config.gcloud.SecretManagerConfigProvider

This config provider is used to retrieve secrets from the Google Cloud Secret Manager service.

Tip

Config providers can be used with anything that supports the AbstractConfig base class that is shipped with Apache Kafka.

Secret Value

The value for the secret must be formatted as a JSON object. This allows multiple keys of data to be stored in a single secret. The name of the secret in Google Cloud Secret Manager will correspond to the path that is requested by the config provider.

Example Secret Value
{
  "username" : "${secretManager:secret/test/some/connector:username}",
  "password" : "${secretManager:secret/test/some/connector:password}"
}

Secret Retrieval

The ConfigProvider uses the name of the secret and the project id to build the Resource ID for the secret. For example, assuming you configured the ConfigProvider with config.providers.secretsManager.param.project.id=1234 and requested the secret with ${secretsManager:test-secret}, the ConfigProvider will build a Resource ID of projects/1234/secrets/test-secret/versions/latest.

Some behaviors can be overridden by query string parameters. More than one query string parameter can be used, for example ${secretsManager:test-secret?ttl=30000&version=1}.

| Parameter | Description | Default | Example |
|-----------|-------------|---------|---------|
| ttl | Used to override the TTL for the secret. | Value specified by config.providers.secretsManager.param.secret.ttl.ms | ${secretsManager:test-secret?ttl=60000} |
| version | Used to override the version of the secret. | latest | ${secretsManager:test-secret?version=1} |
| projectid | Used to override the project id of the secret. | Value specified by config.providers.secretsManager.param.project.id | ${secretsManager:test-secret?projectid=4321} |
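
The resolution rules above can be used to inventory exactly which secret versions a configuration will read, which is the list needed to scope access grants per secret. The following is an added example, not code from the provider: the function names, the sample config, the rejection of undocumented parameters, and the `${provider:path:key}` reference shape (taken from the references shown on this page) are assumptions of the example.

```python
import re
from urllib.parse import parse_qs

# ${provider:path[:key]} as the references appear on this page (assumed shape).
REFERENCE = re.compile(
    r"\$\{(?P<provider>[^:}]+):(?P<path>[^:}]+)(?::(?P<key>[^}]+))?\}")

def resolve(path, default_project_id, default_ttl_ms=300000):
    """Return (resource_id, ttl_ms) for a path such as 'test-secret?version=1'."""
    name, _, query = path.partition("?")
    params = {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}
    # Choice made by this example: reject anything but the documented parameters.
    unknown = set(params) - {"ttl", "version", "projectid"}
    if unknown:
        raise ValueError(f"unsupported parameter(s): {sorted(unknown)}")
    project = params.get("projectid", str(default_project_id))
    version = params.get("version", "latest")
    ttl_ms = int(params.get("ttl", default_ttl_ms))
    return f"projects/{project}/secrets/{name}/versions/{version}", ttl_ms

def audit(config_text, provider, default_project_id):
    """List every secret version the config would read through `provider`."""
    own_project = f"projects/{default_project_id}/"
    findings = []
    for m in REFERENCE.finditer(config_text):
        if m["provider"] != provider:
            continue
        resource_id, ttl_ms = resolve(m["path"], default_project_id)
        findings.append({
            "key": m["key"],
            "resource_id": resource_id,
            "ttl_ms": ttl_ms,
            # False when the reference floats on the default 'latest' version.
            "pinned": not resource_id.endswith("/versions/latest"),
            # True when projectid= points outside the configured project.
            "cross_project": not resource_id.startswith(own_project),
        })
    return findings

# Constructed sample connector config (not from the project).
SAMPLE = """
connection.user=${secretsManager:test-secret:username}
connection.password=${secretsManager:test-secret?ttl=30000&version=1:password}
api.token=${secretsManager:other-secret?projectid=4321:token}
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "secretsManager", 1234):
        print(finding)
```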

Examples:

Configuration

General

project.id

project.id

Importance: HIGH

Type: LONG

credential.file

credential.file

Importance: HIGH

Type: STRING

credential.inline

credential.inline

Importance: HIGH

Type: STRING

credential.location

Importance: HIGH

Type: STRING

Default Value: ApplicationDefault

Validator: Matches: ApplicationDefault, File, Inline

secret.prefix

Sets a prefix that will be added to all paths. For example, you can use staging or production, and all calls to Secrets Manager will be prefixed with that path. This allows the same configuration settings to be used across multiple environments.

Importance: LOW

Type: STRING

secret.ttl.ms

The minimum amount of time that a secret should be used. After this TTL has expired, Secrets Manager will be queried again in case there is an updated configuration.

Importance: LOW

Type: LONG

Default Value: 300000

Validator: [1000,…]