AWS Secret Manager Integration: Allow configurable arbitrary secret prefixes #1442

Closed
ChristianMattarVT opened this issue Aug 24, 2022 · 2 comments · Fixed by #1610
Labels
info: good first issue Good for newcomers type: enhancement New feature or request

Comments

@ChristianMattarVT

Feature description

I've been investigating the Micronaut AWS Secret Manager integration. Initial setup works like a charm.
However, in our setup we have several secrets which are shared in various ways among different applications, e.g.

  • Secret 1 is used by Application A and Application B
  • Secret 2 is used by Application B and Application C

The AWS IAM permissions are set up so that each application only has access to secrets that it sees.
If we make the secrets available using a common prefix (e.g. based on commonApplicationName), then, once Micronaut encounters a secret to which it has no access, it will stop fetching due to the exception.

Some ideas for improvements:

  • Allow an arbitrarily configurable list of secrets to scan, instead of just based on applicationName and commonApplicationName
  • Recover gracefully when iterating through all the listed secrets and one is encountered where access is denied. This would allow scanning all secrets that are stored and loading just those that are accessible.

Thank you!
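
As an added illustration of the two ideas above (not part of the original post, and not Micronaut's or the AWS SDK's code): a loader that takes a configurable list of prefixes and skips secrets the caller's IAM policy denies, while letting every other failure propagate. `AccessDeniedException`, `LoadResult`, `load`, the `fetch` function and the secret names are hypothetical stand-ins constructed for this example.

```java
import java.util.*;
import java.util.function.Function;

public class TolerantSecretLoader {
    // Hypothetical stand-in for the provider's access-denied error (not an AWS SDK class).
    static class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String name) { super("access denied: " + name); }
    }

    /** Values that were readable, plus the names skipped for lack of permission. */
    record LoadResult(Map<String, String> loaded, List<String> denied) {}

    static LoadResult load(List<String> prefixes, List<String> listedNames,
                           Function<String, String> fetch) {
        Map<String, String> loaded = new LinkedHashMap<>();
        List<String> denied = new ArrayList<>();
        for (String name : listedNames) {
            // Only consider secrets under one of the configured prefixes.
            if (prefixes.stream().noneMatch(name::startsWith)) continue;
            try {
                loaded.put(name, fetch.apply(name));
            } catch (AccessDeniedException e) {
                // Expected under least-privilege IAM: record the name and keep going.
                denied.add(name);
            }
            // Any other exception (throttling, network, malformed secret) still
            // propagates, so an outage is not mistaken for "no access".
        }
        return new LoadResult(loaded, denied);
    }

    public static void main(String[] args) {
        // Constructed sample: Application A may read secret-1 but not secret-2.
        Map<String, String> store = Map.of(
            "shared/secret-1", "value-1",
            "shared/secret-2", "value-2",
            "other/secret-9", "value-9");
        Set<String> readableByA = Set.of("shared/secret-1");
        Function<String, String> fetch = name -> {
            if (!readableByA.contains(name)) throw new AccessDeniedException(name);
            return store.get(name);
        };
        List<String> names = new ArrayList<>(store.keySet());
        Collections.sort(names);
        LoadResult r = load(List.of("shared/"), names, fetch);
        System.out.println("loaded: " + r.loaded().keySet()); // names only, never values
        System.out.println("denied: " + r.denied());
    }
}
```

Keeping the denied names in the result lets the application log them at startup, so a policy that is narrower than intended shows up as a visible list instead of a missing property later.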

@graemerocher graemerocher added type: enhancement New feature or request info: good first issue Good for newcomers labels Dec 2, 2022
@breader124
Contributor

Hey, I'll try to solve it

@breader124
Contributor

I managed to reproduce the issue described in the first post and will continue working on it

breader124 pushed a commit to breader124/micronaut-aws that referenced this issue Feb 12, 2023
breader124 added a commit to breader124/micronaut-aws that referenced this issue Feb 12, 2023