@perestoronin perestoronin commented Mar 26, 2025

Add Recursive Secret Discovery, Combining Secrets, and Key Normalization

Overview

This PR introduces:

  1. Recursive Secret Discovery: List secrets under a specified Vault root path.
  2. Combine Secrets: Merge multiple secrets into one Kubernetes Secret.
  3. Key Normalization: Convert keys to SCREAMING_SNAKE_CASE.

These features are optional and backward-compatible.


Key Changes

1. CRD Updates

New fields added under syncConfig:

  • vaultRootPath (optional): Root path for recursive discovery.
  • combineSecrets (default: true): Combine secrets into one.
  • normalizeToScreamingCase (default: true): Normalize keys.

Example:

syncConfig:
  vaultRootPath: "secret/data/my-app"
  combineSecrets: true
  normalizeToScreamingCase: true

Features

Recursive Secret Discovery

Performs a LIST request on the specified vaultRootPath.

Example:

secrets, err := listVaultSecrets(vaultClient, vss.Spec.SyncConfig.VaultRootPath)

Combine Secrets

Merges secrets into a single map if combineSecrets = true.

Example:

combinedData, err := processCombinedSecrets(ctx, vaultClient, secrets, true)

Key Normalization

Normalizes keys to SCREAMING_SNAKE_CASE using strcase.ToScreamingSnake.

Example:

normalizedKey := strcase.ToScreamingSnake(key)

Usage Examples

Combined Secrets

syncConfig:
  vaultRootPath: "secret/data/my-app"
  combineSecrets: true
  normalizeToScreamingCase: true

Individual Secrets

syncConfig:
  vaultRootPath: "secret/data/my-app"
  combineSecrets: false
  normalizeToScreamingCase: true

Backward Compatibility

  • Existing configurations without syncConfig remain unaffected.
  • New features are optional and require explicit configuration.

Conclusion

This PR enhances VSO with recursive secret discovery, combining secrets, and key normalization while maintaining backward compatibility. Feedback is welcome!
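Combining and key normalization are both many-to-one: the same key name can exist under two Vault paths, and apiKey and api_key normalize to the same name, so a merge should report the clash rather than let one value replace another. The Go sketch below is an added example, not code from this PR or from VSO; entry, combineChecked and the local toScreamingSnake (a simplified stand-in for strcase.ToScreamingSnake) are hypothetical, and the sample data is constructed.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// entry is one key read from one Vault path (hypothetical type for this example).
type entry struct{ Path, Key, Value string }
// toScreamingSnake: simplified stand-in for strcase.ToScreamingSnake (assumption, not the library's algorithm).
func toScreamingSnake(s string) string {
	var b strings.Builder
	prevLower := false
	for _, r := range s {
		if r == '-' || r == '.' || r == ' ' {
			r = '_'
		} else if unicode.IsUpper(r) && prevLower {
			b.WriteByte('_') // lower-to-upper boundary starts a new word
		}
		b.WriteRune(unicode.ToUpper(r))
		prevLower = unicode.IsLower(r) || unicode.IsDigit(r)
	}
	return b.String()
}

// combineChecked keeps the first writer of each destination key and reports later ones instead of overwriting.
func combineChecked(entries []entry, normalize bool) (out map[string]string, collisions []string) {
	out, origin := map[string]string{}, map[string]string{} // origin: destination key -> "path:key"
	for _, e := range entries {
		dst := e.Key
		if normalize {
			dst = toScreamingSnake(e.Key)
		}
		if prev, ok := origin[dst]; ok {
			collisions = append(collisions, fmt.Sprintf("%s: %s vs %s:%s", dst, prev, e.Path, e.Key))
			continue
		}
		origin[dst], out[dst] = e.Path+":"+e.Key, e.Value
	}
	return out, collisions
}

func main() {
	// Constructed sample data; paths, keys and values are not from the PR.
	sample := []entry{{"my-app/db", "password", "a"}, {"my-app/cache", "password", "b"},
		{"my-app/api", "apiKey", "c"}, {"my-app/api", "api_key", "d"}}
	fmt.Println(combineChecked(sample, true))
}
```

A non-empty collision list is a reason to fail the sync or fall back to individual secrets, since the resulting Kubernetes Secret would otherwise carry a value from a different source than the consumer expects.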

@perestoronin perestoronin requested a review from a team as a code owner March 26, 2025 15:25

hashicorp-cla-app bot commented Mar 26, 2025

CLA assistant check
All committers have signed the CLA.

Add combineSecrets, normalizeEnvVars
Add logic combinedData, NormalizeEnvVars
@perestoronin perestoronin changed the title Add Support for Recursive Secret Discovery with vaultRootPath Add Support for Recursive Secret Discovery and Combining Secrets Mar 26, 2025
Rename parameter to normalizeToScreamingCase
Add github.com/iancoleman/strcase v0.3.0
@perestoronin perestoronin changed the title Add Support for Recursive Secret Discovery and Combining Secrets Add Recursive Secret Discovery and Normalization Features Mar 26, 2025
@perestoronin perestoronin changed the title Add Recursive Secret Discovery and Normalization Features Add Recursive Secret Discovery, Combining Secrets, and Key Normalization Mar 26, 2025