Class SecretsManagerSecretEngine

java.lang.Object
com.netflix.spinnaker.kork.secrets.engines.SecretsManagerSecretEngine
All Implemented Interfaces:
com.netflix.spinnaker.kork.secrets.SecretEngine

@Component public class SecretsManagerSecretEngine extends Object implements com.netflix.spinnaker.kork.secrets.SecretEngine
Secret engine using AWS Secrets Manager. Authentication is performed using the AWS managing credentials, which must have permission to perform the secretsmanager:DescribeSecret and secretsmanager:GetSecretValue actions on the relevant secrets. The "describe secret" action is used for UserSecretMetadata data, which is encoded as tags on the corresponding secret. Tag keys correspond to UserSecretMetadataField constants, and the spinnaker:roles tag should contain a comma-separated list of roles in its tag value (tags are string:string key/value pairs, not arbitrary JSON). User secrets without a spinnaker:encoding tag are assumed to be encoded as JSON, matching the typical existing usage of AWS Secrets Manager; other user secret encoding formats are still supported via that tag.
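The conventions the paragraph above describes (the two IAM actions the credentials need, roles carried as a comma-separated tag value, and JSON as the default encoding when no spinnaker:encoding tag is present) can be checked offline. The following is an added example, not kork's own code: it parses a DescribeSecret-shaped response into the metadata the engine derives from tags, and builds the least-privilege IAM statement those two actions call for. The sample response, the secret ARN and the helper names are all constructed for this illustration.

```python
"""Added example (not part of kork): tag-based metadata parsing and a
least-privilege IAM statement for a Secrets Manager backed secret engine."""
import json

# Tag keys named in the class description.
ROLES_TAG = "spinnaker:roles"
ENCODING_TAG = "spinnaker:encoding"
# Encoding assumed when the spinnaker:encoding tag is absent.
DEFAULT_ENCODING = "json"
# Only the two actions the engine needs, per the class description.
REQUIRED_ACTIONS = (
    "secretsmanager:DescribeSecret",
    "secretsmanager:GetSecretValue",
)

# Constructed sample shaped like a DescribeSecret response; the ARN is a placeholder.
SAMPLE_DESCRIBE = {
    "ARN": "arn:aws:secretsmanager:us-east-1:000000000000:secret:example-PLACEHOLDER",
    "Name": "example",
    "Tags": [
        {"Key": ROLES_TAG, "Value": "dev, ops"},
        {"Key": "owner", "Value": "platform-team"},
    ],
}


def tags_to_dict(tags):
    """Turn the Tags list ([{"Key": ..., "Value": ...}, ...]) into a plain dict.
    Tag values are strings, so no JSON parsing happens here."""
    return {t["Key"]: t["Value"] for t in (tags or [])}


def parse_user_secret_metadata(describe_result):
    """Derive the metadata the engine reads from tags.
    Roles: comma-separated list in the tag value (whitespace-tolerant).
    Encoding: the spinnaker:encoding tag, defaulting to json."""
    tags = tags_to_dict(describe_result.get("Tags"))
    roles = [r.strip() for r in tags.get(ROLES_TAG, "").split(",") if r.strip()]
    encoding = tags.get(ENCODING_TAG, DEFAULT_ENCODING).strip().lower()
    return {"roles": roles, "encoding": encoding}


def decode_secret_string(secret_string, encoding):
    """Decode a GetSecretValue SecretString according to the derived encoding.
    Only json is demonstrated here; the page names no other format, so any
    other encoding is rejected rather than guessed at."""
    if encoding == "json":
        return json.loads(secret_string)
    raise ValueError(f"unsupported encoding in this example: {encoding}")


def least_privilege_policy(secret_arns):
    """IAM policy document granting exactly the two required actions,
    scoped to the listed secret ARNs rather than to '*'."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": list(REQUIRED_ACTIONS),
                "Resource": list(secret_arns),
            }
        ],
    }


def policy_is_scoped(policy):
    """True when every Allow statement grants only the required actions and
    names explicit resources (no wildcard resource). Useful as a review check."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if not set(actions) <= set(REQUIRED_ACTIONS):
            return False
        if not resources or "*" in resources:
            return False
    return True


if __name__ == "__main__":
    meta = parse_user_secret_metadata(SAMPLE_DESCRIBE)
    print(meta)
    print(decode_secret_string('{"password": "constructed"}', meta["encoding"]))
    print(json.dumps(least_privilege_policy([SAMPLE_DESCRIBE["ARN"]]), indent=2))
```

A secret without the spinnaker:roles tag yields an empty role list, and one without spinnaker:encoding is treated as JSON, which mirrors the defaults stated above; policy_is_scoped flags a policy that grants extra Secrets Manager actions or uses a wildcard resource.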
  • Field Summary

    Fields
    protected static final String
    protected static final String
    protected static final String
  • Constructor Summary

    Constructors
    SecretsManagerSecretEngine(com.fasterxml.jackson.databind.ObjectMapper objectMapper, com.netflix.spinnaker.kork.secrets.user.UserSecretSerdeFactory userSecretSerdeFactory, SecretsManagerClientProvider clientProvider)
  • Method Summary

    Methods
    void clearCache()
    @NonNull com.netflix.spinnaker.kork.secrets.user.UserSecret decrypt(@NonNull com.netflix.spinnaker.kork.secrets.user.UserSecretReference reference)
    byte[] decrypt(com.netflix.spinnaker.kork.secrets.EncryptedSecret encryptedSecret)
    protected com.amazonaws.services.secretsmanager.model.DescribeSecretResult getSecretDescription(Map<String,String> parameters)
    protected com.amazonaws.services.secretsmanager.model.GetSecretValueResult getSecretValue(Map<String,String> parameters)
    String identifier()
    void validate(@NonNull com.netflix.spinnaker.kork.secrets.user.UserSecretReference reference)
    void validate(com.netflix.spinnaker.kork.secrets.EncryptedSecret encryptedSecret)

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface com.netflix.spinnaker.kork.secrets.SecretEngine

    encrypt
  • Field Details

  • Constructor Details

    • SecretsManagerSecretEngine

      public SecretsManagerSecretEngine(com.fasterxml.jackson.databind.ObjectMapper objectMapper, com.netflix.spinnaker.kork.secrets.user.UserSecretSerdeFactory userSecretSerdeFactory, SecretsManagerClientProvider clientProvider)
  • Method Details

    • identifier

      public String identifier()
      Specified by:
      identifier in interface com.netflix.spinnaker.kork.secrets.SecretEngine
    • decrypt

      public byte[] decrypt(com.netflix.spinnaker.kork.secrets.EncryptedSecret encryptedSecret)
      Specified by:
      decrypt in interface com.netflix.spinnaker.kork.secrets.SecretEngine
    • decrypt

      public @NonNull com.netflix.spinnaker.kork.secrets.user.UserSecret decrypt(@NonNull com.netflix.spinnaker.kork.secrets.user.UserSecretReference reference)
      Specified by:
      decrypt in interface com.netflix.spinnaker.kork.secrets.SecretEngine
    • validate

      public void validate(com.netflix.spinnaker.kork.secrets.EncryptedSecret encryptedSecret)
      Specified by:
      validate in interface com.netflix.spinnaker.kork.secrets.SecretEngine
    • validate

      public void validate(@NonNull com.netflix.spinnaker.kork.secrets.user.UserSecretReference reference)
      Specified by:
      validate in interface com.netflix.spinnaker.kork.secrets.SecretEngine
    • clearCache

      public void clearCache()
      Specified by:
      clearCache in interface com.netflix.spinnaker.kork.secrets.SecretEngine
    • getSecretDescription

      protected com.amazonaws.services.secretsmanager.model.DescribeSecretResult getSecretDescription(Map<String,String> parameters)
    • getSecretValue

      protected com.amazonaws.services.secretsmanager.model.GetSecretValueResult getSecretValue(Map<String,String> parameters)