Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Secrets Source extensions #4139

Closed
mstoykov opened this issue Dec 19, 2024 · 0 comments · Fixed by #4514
Closed

Secrets Source extensions #4139

mstoykov opened this issue Dec 19, 2024 · 0 comments · Fixed by #4514
Assignees

Comments

@mstoykov
Copy link
Contributor

mstoykov commented Dec 19, 2024

What?

Implement a way to get secrets from extensible sources and hide them in logs.

This is implementation proposal for #3207

Public API

Configuration

new cli flag --secret-source to add a secret source to k6.

Which takes a secret source name, and identifier and additional configuration.
--secret-source=sourcename=identifier,option1=value1,option2=value2

JS API

(the exist import is under consideration)

import secrets from "k6/secrets";  
  
export default async () => {  
    const my_secret = await secrets.get("my_secret"); // get from 1 secret source if only 1, exception if more than 1 secret source or if no secret sources
    console.log(my_secret);  
}
import secrets from "k6/secrets";  
  
export default async () => {  
    const my_secret = await secrets.source("identifier").get("my_secret"); // get secret from a source with the provided identifier
    console.log(my_secret);
}

No other functionality is currently planned.

Go implementation details

Pluggable similar to output and js extensions. With minimal configuration.

Centralized log sanitization - k6 will see each secret passing and will start sanitizing logs for those values it has seen. This does mean that secret sources have less responsibilities and it is less likely for bugs.

Built in sources:

File based on

This is mostly for ease of use for development, but it just reads a text file with key=value pairs

REST API based on

For now very simple one with a url + headers, potentially with templating for the key of the secret requests. Potentially other options later

@mstoykov mstoykov added this to the v0.57.0 milestone Dec 19, 2024
@mstoykov mstoykov self-assigned this Jan 8, 2025
@mstoykov mstoykov linked a pull request Feb 5, 2025 that will close this issue
17 tasks
@mstoykov mstoykov removed this from the v0.57.0 milestone Feb 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant