@graphcareful graphcareful commented Aug 26, 2025

Summary

The exec backend within the secrets framework works to fetch secrets by execing a provided path to a binary and communicating with it over a simple (but established) protocol. This protocol is versioned and currently Vector only supports 1 version.

This PR introduces support for v1.1. An example of a program that is compliant with these new changes is the datadog-secrets-backend, specifically the changes in the v1 branch, which will eventually become part of the new standard.

The main changes to Vector were to include the backend configuration with each request to this binary. This means opening up new configuration options to the secrets global option.

Vector configuration

secret:
  exec_backend:
    type: "exec"
    command: [/usr/bin/datadog-secret-backend]
    protocol:
      version: v1_1
      backend_type: file.json
      backend_config:
        file_path: ~/secrets.json

sources:
  agent:
    type: "datadog_agent"
    address: 0.0.0.0:8282
    log_namespace: true

sinks:
  out:
    inputs:
      - "agent"
    type: "datadog_logs"
    default_api_key: SECRET[exec_backend.dd_logs_api_key]

How did you test this PR?

Using the config above and building the datadog-secrets-backend from source.

@graphcareful graphcareful requested a review from a team as a code owner August 26, 2025 17:20
@github-actions github-actions bot added the domain: ci Anything related to Vector's CI environment label Aug 26, 2025
@graphcareful graphcareful requested a review from bruceg August 26, 2025 17:22
@graphcareful graphcareful force-pushed the rob/secrets-manager-v1_1 branch from 7d180fb to 43b11bb Compare August 26, 2025 17:52
@graphcareful graphcareful changed the title feat(secrets): Add support for v1.1 protocol of secrets exec backend feat(config): Add support for v1.1 protocol of secrets exec backend Aug 26, 2025
@graphcareful graphcareful added domain: config Anything related to configuring Vector and removed domain: ci Anything related to Vector's CI environment labels Aug 26, 2025
- That way its implementation can change without modifying the
  executables call site in the code.
@github-actions github-actions bot added the domain: ci Anything related to Vector's CI environment label Aug 27, 2025

@emilychendd emilychendd left a comment


LGTM


@pront pront left a comment


thanks!

@pront pront enabled auto-merge August 28, 2025 18:43
@pront pront added this pull request to the merge queue Aug 28, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Aug 28, 2025
@graphcareful graphcareful added this pull request to the merge queue Aug 29, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Aug 29, 2025