Should a SecretProvider have a default secret name mutation #242
stijnmoreels started this conversation in Ideas
Right now, when adding an ISecretProvider implementation to the SecretStoreBuilder, a Func can be specified for mutating the secret name before the secret is retrieved.
I'm wondering if the ISecretProvider implementations should have a default secret name mutation baked in? If we look at the ConfigurationProviders in .NET for instance, we pass in a 'hierarchical' config value, the colon (:) is used as separator. However, for environment variables, the separator is __ and in KeyVault, the separator is --.
Therefore, I'm wondering if each ISecretProvider implementation should have a default 'mutation scheme' implemented. This would allow users of secret providers to be oblivious to how the secret name should be mutated.
It will allow users to specify that the secret ConnectionStrings:MyDatabase must be retrieved, and each SecretProvider implementation that is used makes sure that the secret name is changed to the correct pattern. The KeyVault provider makes sure that a secret named ConnectionStrings--MyDatabase is looked up; the DockerSecretsProvider searches for a secret named ConnectionStrings__MyDatabase.
See also the discussion in this PR: #171 (comment)
Original issue: #199
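One way the default mutation scheme described in the post could look, as an added example that is not part of the original post or of the project's code. The class and method names are hypothetical, the Key Vault check uses Azure's documented object-name rule (1-127 characters, starting with a letter, only letters, digits and dashes), and rejecting a name that already contains the target separator is an assumption made here so that two different logical names such as `A:B` and `A--B` cannot resolve to the same stored secret.

```csharp
using System;
using System.Text.RegularExpressions;

// Hypothetical helper (not a project API): one default name mutation per provider kind.
public static class DefaultSecretNameMutation
{
    // Azure Key Vault object names: 1-127 chars, start with a letter, only letters, digits and '-'.
    private static readonly Regex KeyVaultName = new Regex("^[A-Za-z][0-9A-Za-z-]{0,126}$");

    // Separators named in the post: "--" for Key Vault, "__" for Docker secrets.
    public static string ForKeyVault(string name) => Mutate(name, "--", KeyVaultName.IsMatch);

    // No extra naming rule is assumed for Docker secrets in this example.
    public static string ForDockerSecrets(string name) => Mutate(name, "__", _ => true);

    private static string Mutate(string name, string separator, Func<string, bool> isValid)
    {
        if (string.IsNullOrWhiteSpace(name))
            throw new ArgumentException("Secret name is required.", nameof(name));

        // Assumption: callers always use ':' as the hierarchy separator. A name that already
        // contains the provider separator would collide with the mutated form of another name.
        if (name.Contains(separator))
            throw new ArgumentException($"Use ':' instead of '{separator}' in secret names.", nameof(name));

        string mutated = name.Replace(":", separator);

        // Fail before the lookup when the result cannot be a valid name in the target store.
        if (!isValid(mutated))
            throw new ArgumentException($"'{mutated}' is not a valid secret name for this provider.", nameof(name));

        return mutated;
    }
}

public static class Program
{
    public static void Main()
    {
        const string logicalName = "ConnectionStrings:MyDatabase"; // name used in the post
        Console.WriteLine(DefaultSecretNameMutation.ForKeyVault(logicalName));
        Console.WriteLine(DefaultSecretNameMutation.ForDockerSecrets(logicalName));

        // Constructed inputs: an ambiguous name and one that Key Vault cannot store.
        foreach (string bad in new[] { "ConnectionStrings--MyDatabase", "Connection_Strings:MyDatabase" })
        {
            try { DefaultSecretNameMutation.ForKeyVault(bad); }
            catch (ArgumentException ex) { Console.WriteLine($"rejected '{bad}': {ex.Message}"); }
        }
    }
}
```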