Skip to main content
Version: 0.11.10 (stable)

Secrets

This section assumes my-connector project has been generated.

Connectors often connect to external entities such as databases, message brokers, or APIs that require a confidential authentication key.

Connectors offers this facility through [secrets].

Use Secrets

Deploy connectors with a --secrets flag to pass a file with the secrets definitions:

$ cdk deploy start --config sample-config.yaml --secrets secrets.txt

In the secrets file, you should define a secret per line in the format SECRET_NAME=SECRET_VALUE:

SECRET_NAME=SECRET_VALUE
SECRET_NAME_2=SUPER_SECRET_VALUE

Code to indicate that a connector config parameter can contain a secret should use the SecretString type. This allows the parameter to receive secrets which are not printable to logs.

use fluvio_connector_common::{connector, secret::SecretString};

#[derive(Debug)]
#[connector(config, name = "myconnector")]
pub(crate) struct MyConnectorConfig {
/// A parameter receiving a secret string
pub a_param: SecretString,
// -- snip --
}

This allows a config file to provision secrets to the connector.

# config-example.yaml
apiVersion: 0.1.0
meta:
version: 0.3.0
name: instancename
type: my-connector
topic: atopicname
create-topic: true
secrets:
- name: SECRET_NAME
myconnector:
a_param: "${{ secrets.SECRET_NAME }}_${{ secrets.SECRET_NAME_2 }}"

More extensive examples of secrets in connectors can be seen in use with the Http Source connector and its repo https://github.com/infinyon/http-source-connector.

In the next section we'll publish our connector to the Hub.

Steps

  1. Generate a Connector
  2. Build and Test
  3. Start and Shutdown
  4. Troubleshooting
  5. Secrets
  6. Publish to Connector Hub
  7. Use Examples in Github