Support for versioned secrets #4

ramizpolic · 2023-08-29T19:32:17Z

Idea

We would like to have versioned API operations (fetching/querying/updating) on supported providers, as well as secret key version rewrites.

Strategy

All implementations of StoreClient should take into account SecretKey.Version field.
Additionally, RegexpRewrite should be extended to allow specifying which SecretKey field to rewrite, for example:

type RegexpRewrite struct {
	Field string `json:"field"` // make this an enum with values: "Key", "Version"
	Source string `json:"source"`
	Target string `json:"target"`
}

Acceptance criteria

Running the following sync plan will:

Sync secret a with version 3
Sync all secrets with version 2 for path d/d/d
Sync secret a with version 5 into secret a with version 6

plan:
  - secret:
      key: "a"
      version: "3"
  - query:
      path: "d/d/d"
      key:
        regexp: .*
      version:
        regexp: "2"
  - secret:
      key: "a"
      version: "5"
    rewrite:
      - regexp:
          field: "Key"
          source: "a" # key queries are executed on Key only
          target: "b"
      - regexp:
          field: "Version"
          source: ".*#5" # versioned queries are executed on Key#Version
          target: "6"

This needs to be discussed with the rest of the team.
Feel free to suggest a better implementation plan.

The text was updated successfully, but these errors were encountered:

ramizpolic changed the title ~~Add support for versioned secret keys~~ Support for versioned secret keys Sep 4, 2023

ramizpolic changed the title ~~Support for versioned secret keys~~ Support for versioned secrets Sep 4, 2023

github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Dec 3, 2023

ramizpolic added lifecycle/keep Denotes an issue or PR that should be preserved from going stale. and removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. labels Dec 4, 2023

ramizpolic added this to the v0.2.0 milestone Dec 4, 2023

ramizpolic removed the lifecycle/keep Denotes an issue or PR that should be preserved from going stale. label Dec 8, 2023

github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Feb 18, 2024

ramizpolic removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Feb 22, 2024

github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Apr 28, 2024

csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Apr 28, 2024

ramizpolic modified the milestones: v0.2.0, v0.3.0 Jun 11, 2024

github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Aug 11, 2024

csatib02 added lifecycle/keep Denotes an issue or PR that should be preserved from going stale. and removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. labels Aug 11, 2024

bank-vaults deleted a comment from github-actions bot Aug 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support for versioned secrets #4

Support for versioned secrets #4

ramizpolic commented Aug 29, 2023

Support for versioned secrets #4

Support for versioned secrets #4

Comments

ramizpolic commented Aug 29, 2023

Idea

Strategy

Acceptance criteria