Local secret replacement not working as expected

Hello, I’m currently working on my own connector and I guess I didn’t get the secrets mechanism. So here is what I understood so far:

  • If you want to use secrets in the out-of-the-box connectors you can add them as connector secrets in your c8 cluster UI
  • this is not working for a custom outbound connector, since they have a separate runtime, so the secrets have to be put into the runtime somehow

Here is where I stumble. I use the local connector runtime and try to set secrets as env variables, but it doesn’t work. Also, I cannot find a tutorial about this. What is currently the best way to get your secrets into a Spring Boot application? I saw that one can put them into a Docker image, but I’m not that far yet and want to get it to work locally first.

Thanks in advance
Stefan

You should have a connector-secrets.txt in your local runtime. It starts with the 2 following lines:

# add secrets per line in the format NAME=VALUE
# WARNING: ensure not to commit changes to this file

Hi @cma,

Thanks for your response. I’m using the local Spring Boot connector runtime and added the file to my resources and classpath without any success. I also did the following from different sources in the docs:

Is it possible that maybe the wrong SecretsProvider is loaded which just doesn’t look in the right place?

Thanks
Stefan

EDIT: okay, so apparently when I add them as env variables to the java call it works. But isn’t there a more Springy approach available?

Hi @itsmestefanjay, we specify the connector secrets file in the docker-compose like so: env_file: connector-secrets.txt. Sorry, unfortunately we don’t have more insights into secrets yet, we just found that this worked for us.

Hi @itsmestefanjay,

Currently there’s no Springy approach available out-of-the-box. In our Connector Runtime, we only provide one default way to resolve secrets - environment variables. In the Docker environment, you can also make use of the connector-secrets.txt file, as mentioned above.

Docs reference: Connectors configuration # Secrets

You can achieve more by implementing your custom Secret Provider. In your custom Connector Runtime bundle, you can extend the SecretProvider interface. In this implementation you can, for example, source the secrets from configuration properties.

In a Spring environment (given that you use our spring-boot-starter-camunda-connectors), you can simply declare your SecretProvider as a Spring bean with a @Primary annotation, and it will be picked up by the Runtime. Alternatively, you can wire it up using the special file that is read by Java Service Loader.

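One way to implement the Spring-bean approach described in the reply above, as an added example that is not code from the thread or from Camunda. The package, class names and the `connector.secrets.` prefix are hypothetical; the `io.camunda.connector.api.secret.SecretProvider` import and its `getSecret(String)` method are assumed from the Connector SDK and should be checked against the SDK version in use.

```java
package com.example.connectors; // hypothetical package

import io.camunda.connector.api.secret.SecretProvider; // assumed SDK location
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.env.Environment;

@Configuration
public class PropertySecretProviderConfiguration {

  // Hypothetical prefix. Only properties below it are served as connector
  // secrets, so a secret reference in a process model cannot read unrelated
  // settings such as spring.datasource.password.
  static final String PREFIX = "connector.secrets.";

  /** Resolves secret NAME from the Spring property connector.secrets.NAME. */
  static class PropertySecretProvider implements SecretProvider {
    private final Environment environment;

    PropertySecretProvider(Environment environment) {
      this.environment = environment;
    }

    @Override
    public String getSecret(String name) {
      if (name == null || name.isBlank()) {
        return null; // nothing to look up
      }
      // Returns null when the property is not defined. The value is
      // returned to the runtime only and is never logged here.
      return environment.getProperty(PREFIX + name);
    }
  }

  // @Primary so that this bean is the one picked up by the runtime,
  // as described in the reply above.
  @Bean
  @Primary
  public SecretProvider propertySecretProvider(Environment environment) {
    return new PropertySecretProvider(environment);
  }
}
```

With this in place, a secret named `MY_TOKEN` would be read from a property such as `connector.secrets.MY_TOKEN` in a local properties file that is kept out of version control, in the same spirit as the warning in `connector-secrets.txt`.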
