SecretManagerConfigProvider
com.github.jcustenborder.kafka.config.gcloud.SecretManagerConfigProvider
This config provider is used to retrieve secrets from the Google Cloud Secret Manager service.
Tip
Config providers can be used with anything that supports the AbstractConfig base class that is shipped with Apache Kafka.
Secret Value
The value for the secret must be formatted as a JSON object. This allows multiple keys of data to be stored in a single secret. The name of the secret in Google Cloud Secret Manager will correspond to the path that is requested by the config provider.
{
"username" : "${secretManager:secret/test/some/connector:username}",
"password" : "${secretManager:secret/test/some/connector:password}"
}
Secret Retrieval
The ConfigProvider uses the name of the secret and the project id to build the Resource ID for the secret. For example, assuming you configured the ConfigProvider with config.providers.secretsManager.param.project.id=1234 and requested the secret with ${secretsManager:test-secret}, the ConfigProvider will build a Resource ID of projects/1234/secrets/test-secret/versions/latest.
Some behaviors can be overridden by query string parameters, and more than one query string parameter can be used in the same request. For example: ${secretsManager:test-secret?ttl=30000&version=1}
Parameter | Description | Default | Example |
---|---|---|---|
ttl | Used to override the TTL for the secret. | Value specified by config.providers.secretsManager.param.secret.ttl.ms | ${secretsManager:test-secret?ttl=60000} |
version | Used to override the version of the secret. | latest | ${secretsManager:test-secret?version=1} |
projectid | Used to override the project id of the secret. | Value specified by config.providers.secretsManager.param.project.id | ${secretsManager:test-secret?projectid=4321} |
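The Resource ID rule and the query string overrides above can be used to list exactly which secret versions a connector configuration will read, which is the list access to Secret Manager needs to cover. The script below is an added example, not code from this project: the function names, the sample config and the rejection of undocumented parameters are assumptions, and only the alias secretsManager, the project id 1234 and the three parameters come from this page.

```python
import re
from urllib.parse import parse_qs

# ${provider:path:key}; the page also shows ${provider:path} with no key.
PLACEHOLDER = re.compile(r"\$\{([^}:]+):([^}:]+)(?::([^}]+))?\}")
DOCUMENTED_PARAMS = {"ttl", "version", "projectid"}

def resource_id(path, default_project):
    """Build the Resource ID described on this page for one requested path."""
    name, _, query = path.partition("?")
    params = {k: v[-1] for k, v in parse_qs(query).items()}
    unknown = set(params) - DOCUMENTED_PARAMS
    if unknown:
        # Choice made by this audit script, not documented provider behavior.
        raise ValueError(f"undocumented parameter(s): {sorted(unknown)}")
    project = params.get("projectid", default_project)
    version = params.get("version", "latest")
    return f"projects/{project}/secrets/{name}/versions/{version}"

def referenced_secrets(config, provider, default_project):
    """Map each referenced Resource ID to the JSON keys read from that secret."""
    found = {}
    for value in config.values():
        for prov, path, key in PLACEHOLDER.findall(str(value)):
            if prov != provider:
                continue
            keys = found.setdefault(resource_id(path, default_project), set())
            if key:
                keys.add(key)
    return found

def unpinned(resource_ids):
    """Resource IDs that follow 'latest' instead of a fixed version."""
    return sorted(r for r in resource_ids if r.endswith("/versions/latest"))

# Constructed sample connector config (not from the page).
SAMPLE = {
    "connection.user": "${secretsManager:test-secret:username}",
    "connection.password": "${secretsManager:test-secret:password}",
    "api.token": "${secretsManager:other-secret?projectid=4321&version=1&ttl=60000:token}",
    "topic": "orders",
}

if __name__ == "__main__":
    refs = referenced_secrets(SAMPLE, "secretsManager", "1234")
    for rid, keys in sorted(refs.items()):
        print(rid, sorted(keys))
    print("unpinned:", unpinned(refs))
```

Entries reported as unpinned resolve to versions/latest, so a newly added secret version is picked up the next time the provider queries the secret after the TTL expires.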
Configuration
General
credential.location
Importance: HIGH
Type: STRING
Default Value: ApplicationDefault
Validator: Matches: ApplicationDefault, File, Inline
secret.prefix
Sets a prefix that will be added to all paths. For example, you can use staging or production, and all of the calls to Secrets Manager will be prefixed with that path. This allows the same configuration settings to be used across multiple environments.
Importance: LOW
Type: STRING
secret.ttl.ms
The minimum amount of time that a secret should be used. After this TTL has expired, Secrets Manager will be queried again in case there is an updated configuration.
Importance: LOW
Type: LONG
Default Value: 300000
Validator: [1000,…]