Secrets

This section assumes my-connector project has been generated.

Connectors often connect to external entities such as databases, message brokers, or APIs that require a confidential authentication key.

Connectors offers this facility through secrets.

Use Secrets

Let's define a file of secrets (one secret per line) in the following format:

SECRET_NAME=SECRET_VALUE
SECRET_NAME_2=SUPER_SECRET_VALUE

Deploy connectors with a --secrets flag to pass a file with the secrets definitions:

$ cdk deploy start --config sample-config.yaml --secrets secrets.txt

Code to indicate that a connector config parameter can contain a secret should use the SecretString type. This allows the parameter to receive secrets which are not printable to logs.

use fluvio_connector_common::{connector, secret::SecretString};

#[derive(Debug)]
#[connector(config, name = "myconnector")]
pub(crate) struct MyConnectorConfig {
    /// A parameter receiving a secret string
    pub a_param: SecretString,
    // -- snip --
}

This allows a config file to provision secrets to the connector.

# config-example.yaml
apiVersion: 0.1.0
meta:
  version: 0.1.0
  name: instancename
  type: my-connector
  topic: atopicname
  secrets:
    - name: SECRET_NAME
myconnector:
  a_param: "${{ secrets.SECRET_NAME }}_${{ secrets.SECRET_NAME_2 }}"

More extensive examples of secrets in connectors can be seen in use with the Http Source connector and the github repo https://github.com/infinyon/http-source-connector.

In the next section, we'll publish our connector to the Hub.