From 5f6f5e8a11154ee1648476082dd26db9e3266434 Mon Sep 17 00:00:00 2001 From: rahulkaukuntla Date: Fri, 18 Jul 2025 13:45:04 -0400 Subject: [PATCH 1/3] adding config options --- pkg/config/config_template.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/pkg/config/config_template.yaml b/pkg/config/config_template.yaml index 3d9fd8aa3932f8..41a43e811d2cdf 100644 --- a/pkg/config/config_template.yaml +++ b/pkg/config/config_template.yaml @@ -864,6 +864,24 @@ api_key: # # windows_use_pythonpath: false {{ end }} +## @param secret_refresh_interval - integer - optional +## @env DD_SECRET_REFRESH_INTERVAL - integer - optional +## +## `secret_refresh_interval` is the interval (in seconds) at which api/app key secrets are refreshed. +## For more information see: https://docs.datadoghq.com/agent/configuration/secrets-management/#refreshing-apiapp-keys-at-runtime +## +# +# secret_refresh_interval: + +## @param secret_refresh_scatter - boolean - optional +## @env DD_SECRET_REFRESH_SCATTER - boolean - optional +## +## `secret_refresh_scatter`, if set to true, will randomize the first secret refresh. `secret_refresh_interval` needs to be set +## for this to take effect. This is useful to avoid all agents refreshing secrets at the same time. +## For more information see: https://docs.datadoghq.com/agent/configuration/secrets-management/#refreshing-apiapp-keys-at-runtime +## +# secret_refresh_scatter: + ## @param secret_backend_type - string - optional ## @env DD_SECRET_BACKEND_TYPE - string - optional ## This feature is in preview. From c6e054e9dae953523e796b31d06efb356cdf1288 Mon Sep 17 00:00:00 2001 From: rahulkaukuntla Date: Wed, 23 Jul 2025 10:53:34 -0400 Subject: [PATCH 2/3] addressing comments --- pkg/config/config_template.yaml | 36 ++++++++++++++++----------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/pkg/config/config_template.yaml b/pkg/config/config_template.yaml index 41a43e811d2cdf..72524f9ecc0c2d 100644 --- a/pkg/config/config_template.yaml +++ b/pkg/config/config_template.yaml @@ -864,24 +864,6 @@ api_key: # # windows_use_pythonpath: false {{ end }} -## @param secret_refresh_interval - integer - optional -## @env DD_SECRET_REFRESH_INTERVAL - integer - optional -## -## `secret_refresh_interval` is the interval (in seconds) at which api/app key secrets are refreshed. -## For more information see: https://docs.datadoghq.com/agent/configuration/secrets-management/#refreshing-apiapp-keys-at-runtime -## -# -# secret_refresh_interval: - -## @param secret_refresh_scatter - boolean - optional -## @env DD_SECRET_REFRESH_SCATTER - boolean - optional -## -## `secret_refresh_scatter`, if set to true, will randomize the first secret refresh. `secret_refresh_interval` needs to be set -## for this to take effect. This is useful to avoid all agents refreshing secrets at the same time. -## For more information see: https://docs.datadoghq.com/agent/configuration/secrets-management/#refreshing-apiapp-keys-at-runtime -## -# secret_refresh_scatter: - ## @param secret_backend_type - string - optional ## @env DD_SECRET_BACKEND_TYPE - string - optional ## This feature is in preview. @@ -905,6 +887,24 @@ api_key: # secret_backend_config: # : +## @param secret_refresh_interval - integer - optional +## @env DD_SECRET_REFRESH_INTERVAL - integer - optional +## +## `secret_refresh_interval` is the interval (in seconds) at which api/app key secrets are refreshed. +## For more information see: https://docs.datadoghq.com/agent/configuration/secrets-management/#refreshing-apiapp-keys-at-runtime +## +# +# secret_refresh_interval: 3600 + +## @param secret_refresh_scatter - boolean - optional +## @env DD_SECRET_REFRESH_SCATTER - boolean - optional +## +## `secret_refresh_scatter`, if set to true, will randomize the first secret refresh. `secret_refresh_interval` needs to be set +## for this to take effect. This prevents a fleet of Agents from having a deployment where they refresh their secrets at the same time. +## For more information see: https://docs.datadoghq.com/agent/configuration/secrets-management/#refreshing-apiapp-keys-at-runtime +## +# secret_refresh_scatter: true + ## @param secret_backend_command - string - optional ## @env DD_SECRET_BACKEND_COMMAND - string - optional ## `secret_backend_command` is the path to your custom script to execute to fetch secrets. From f407f0ce1f3cba8cd85b4d744a249802e255042e Mon Sep 17 00:00:00 2001 From: rahulkaukuntla <144174402+rahulkaukuntla@users.noreply.github.com> Date: Thu, 24 Jul 2025 09:02:28 -0400 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: maxime mouial --- pkg/config/config_template.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkg/config/config_template.yaml b/pkg/config/config_template.yaml index 3f48ede3c76977..9c56798726f251 100644 --- a/pkg/config/config_template.yaml +++ b/pkg/config/config_template.yaml @@ -888,20 +888,20 @@ api_key: # secret_backend_config: # : -## @param secret_refresh_interval - integer - optional -## @env DD_SECRET_REFRESH_INTERVAL - integer - optional +## @param secret_refresh_interval - integer - optional - default 0 +## @env DD_SECRET_REFRESH_INTERVAL - integer - optional - default 0 ## -## `secret_refresh_interval` is the interval (in seconds) at which api/app key secrets are refreshed. +## `secret_refresh_interval` is the interval (in seconds) at which api/app key secrets are refreshed. A 0 value means the feature is disabled. ## For more information see: https://docs.datadoghq.com/agent/configuration/secrets-management/#refreshing-apiapp-keys-at-runtime ## # -# secret_refresh_interval: 3600 +# secret_refresh_interval: 0 -## @param secret_refresh_scatter - boolean - optional -## @env DD_SECRET_REFRESH_SCATTER - boolean - optional +## @param secret_refresh_scatter - boolean - optional - default true +## @env DD_SECRET_REFRESH_SCATTER - boolean - optional - default true ## ## `secret_refresh_scatter`, if set to true, will randomize the first secret refresh. `secret_refresh_interval` needs to be set -## for this to take effect. This prevents a fleet of Agents from having a deployment where they refresh their secrets at the same time. +## for this to take effect. This prevents a fleet of Agents from refreshing their secrets at the same time. ## For more information see: https://docs.datadoghq.com/agent/configuration/secrets-management/#refreshing-apiapp-keys-at-runtime ## # secret_refresh_scatter: true