Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Secrets Source extensions #4139

Open
mstoykov opened this issue Dec 19, 2024 · 0 comments
Open

Secrets Source extensions #4139

mstoykov opened this issue Dec 19, 2024 · 0 comments
Assignees
Milestone

Comments

@mstoykov
Copy link
Contributor

What?

Implement a way to get secrets from extensible sources and hide them in logs.

This is implementation proposal for #3207

Public API

Configuration

new cli flag --secret-source to add a secret source to k6.

Which takes a secret source name, and identifier and additional configuration.
--secret-source=sourcename=identifier,option1=value1,option2=value2

JS API

(the exist import is under consideration)

import { secrets } from k6;  
  
export default () => {  
    const my_secret = secrets.get("my_secret"); // get from 1 secret source if only 1, exception if more than 1 secret source or if no secret sources
    console.log(my_secret);  
}
import { secrets } from k6;  
  
export default () => {  
    const my_secret = secrets.source("identifier").get("my_secret"); // get secret from a source with the provided identifier
    console.log(my_secret);
}

No other functionality is currently planned.

Go implementation details

Pluggable similar to output and js extensions. With minimal configuration.

Centralized log sanitization - k6 will see each secret passing and will start sanitizing logs for those values it has seen. This does mean that secret sources have less responsibilities and it is less likely for bugs.

Built in sources:

File based on

This is mostly for ease of use for development, but it just reads a text file with key=value pairs

REST API based on

For now very simple one with a url + headers, potentially with templating for the key of the secret requests. Potentially other options later

@mstoykov mstoykov added this to the v0.57.0 milestone Dec 19, 2024
@mstoykov mstoykov self-assigned this Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant