Secrets
This section assumes
my-connector
project has been generated.
Connectors often connect to external entities such as databases
, message brokers
, or APIs
that require a confidential authentication key.
Connectors offers this facility through secrets
.
Use Secrets
Let's define a file of secrets (one secret per line) in the following format:
SECRET_NAME=SECRET_VALUE
SECRET_NAME_2=SUPER_SECRET_VALUE
Deploy connectors with a --secrets
flag to pass a file with the secrets definitions:
$ cdk deploy start --config sample-config.yaml --secrets secrets.txt
Code to indicate that a connector config parameter can contain a secret should use the SecretString
type. This allows the parameter to receive secrets which are not printable to logs.
use fluvio_connector_common::{connector, secret::SecretString};
#[derive(Debug)]
#[connector(config, name = "myconnector")]
pub(crate) struct MyConnectorConfig {
/// A parameter receiving a secret string
pub a_param: SecretString,
// -- snip --
}
This allows a config file to provision secrets to the connector.
# config-example.yaml
apiVersion: 0.1.0
meta:
version: 0.1.0
name: instancename
type: my-connector
topic: atopicname
secrets:
- name: SECRET_NAME
myconnector:
a_param: "${{ secrets.SECRET_NAME }}_${{ secrets.SECRET_NAME_2 }}"
More extensive examples of secrets in connectors can be seen in use with the Http Source connector and the github repo https://github.com/infinyon/http-source-connector.
In the next section, we'll publish our connector to the Hub.