Connectors often connect to external entities such as databases, message brokers, or APIs that require a confidential authentication key.
Connectors offers this facility through secrets.
Deploy connectors with a --secrets flag to pass a file with the secrets definitions:
$ cdk deploy start --config sample-config.yaml --secrets secrets.txt
In the secrets file, you should define a secret per line in the format SECRET_NAME=SECRET_VALUE:
SECRET_NAME=SECRET_VALUE
SECRET_NAME_2=SUPER_SECRET_VALUE
Code to indicate that a connector config parameter can contain a secret should use the SecretString type. This allows the parameter to receive secrets which are not printable to logs.
use fluvio_connector_common::{connector, secret::SecretString};
#[derive(Debug)]
#[connector(config, name = "myconnector")]
pub(crate) struct MyconnectorConfig {
/// A parameter receiving a secret string
pub a_param: SecretString,
...
}
This allows a config file to provision secrets to the connector.
# config-example.yaml
apiVersion: 0.1.0
meta:
version: 0.3.0
name: instancename
type: my-connector
topic: atopicname
create-topic: true
secrets:
- name: SECRET_NAME
myconnector:
a_param: "${{ secrets.SECRET_NAME }}_${{ secrets.SECRET_NAME_2 }}"
More extensive examples of secrets in connectors can be seen in use with the Http Source connector and its repo https://github.com/infinyon/http-source-connector.
In the next section we’ll publish our connector to the Hub.
