Stable

This component is complete and can be used. The interfaces will be supported until the function is removed from the project via the deprecation process. There will be ongoing extensions to this function, but it will be done to ensure backward compatibility as far as possible. If there is a need to break backward compatibility, this will be discussed and reviewed in the community, with a documented timeline.

YAML File Secrets Store Connector

Connector details

Overview

The YAML File Secrets Store Connector is a Secrets Store Connector that retrieves secrets from a named YAML file. By convention, these YAML files have a file extension of omsecrets.

Figure 1: Operation of the YAML File Secrets Store Connector

Secrets within the YAML file are organized into collections. Each collection represents a set of secrets needed by a particular type of caller. When the YAML File Secrets Store Connector starts up, it opens the YAML file using the address passed in the endpoint of its connection. It locates the appropriate collection using the name specified in the secretsCollectionName property found in the connection's configurationProperties. The connector will fail if either of these two values is missing.

Inside a collection are:

  • A refresh time interval (refreshTimeInterval) that defines how long the secrets can be cached. When the interval expires, the connector refreshes the cached secrets from the YAML file.
  • A map of named secrets (secrets), such as details of certificates or userIds and passwords. These secrets are used by other connectors and automated services to log on to remote services.
  • The details of an API to call to retrieve a token (tokenAPI). This includes the HTTP request type, URL and details of the request and response body. This supplements the secrets map, allowing certain secrets to be retrieved dynamically.
  • A map of userIds to user account details (users). This is needed by a connector that supports a user authentication service.
  • A map of named lists (namedLists) used to represent the organizational units, security roles and groups needed by an authorization service.

Complete details of this structure can be found in Egeria's Javadoc and an example can be found in GitHub.
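The following Ruby sketch is an added example, not Egeria's own Java implementation, that models the behaviour described above: it refuses to start without an endpoint address and a secretsCollectionName, reads the named collection from a constructed omsecrets file, and serves secrets, users, named lists and the tokenAPI details from a cache that is refreshed from the file once refreshTimeInterval has elapsed. The top-level secretsCollections key, the collection name and every secret value are constructed for this example; only the five field names the page lists come from the page, and the interval is interpreted as seconds here (an assumption; the Javadoc defines the real unit).

```ruby
require 'yaml'
require 'tmpdir'

# Constructed sample omsecrets file. The field names inside the collection
# (refreshTimeInterval, secrets, tokenAPI, users, namedLists) follow the page;
# the "secretsCollections" top-level key, the collection name and all values
# are made up for this example.
SAMPLE_OMSECRETS = <<~YAML
  secretsCollections:
    postgres-database:
      refreshTimeInterval: 10
      secrets:
        userId: egeria_app
        password: not-a-real-password
      tokenAPI:
        httpRequestType: POST
        url: https://token.example.invalid/oauth/token
      users:
        nigel:
          userId: nigel
          displayName: Nigel Example
      namedLists:
        admins:
          - nigel
YAML

SAMPLE_DIR = Dir.mktmpdir('omsecrets')
SAMPLE_PATH = File.join(SAMPLE_DIR, 'sample.omsecrets')
File.write(SAMPLE_PATH, SAMPLE_OMSECRETS)

# Hypothetical model of the connector: endpoint_address is the connection's
# endpoint.address, collection_name its secretsCollectionName property.
# The clock is injectable so the cache expiry can be driven deterministically.
class YamlFileSecretsStore
  attr_reader :collection_name, :load_count

  def initialize(endpoint_address:, collection_name:,
                 clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    raise ArgumentError, 'endpoint address is required' if endpoint_address.nil? || endpoint_address.empty?
    raise ArgumentError, 'secretsCollectionName is required' if collection_name.nil? || collection_name.empty?
    @path = endpoint_address
    @collection_name = collection_name
    @clock = clock
    @collection = nil   # cached copy of the selected collection
    @loaded_at = nil    # clock value at the last (re)load
    @load_count = 0     # how many times the file has been read
  end

  def get_secret(name)
    collection.fetch('secrets', {})[name]
  end

  def get_user(user_id)
    collection.fetch('users', {})[user_id]
  end

  def named_list(list_name)
    collection.fetch('namedLists', {})[list_name]
  end

  def token_api
    collection['tokenAPI']
  end

  private

  # Return the cached collection, reloading it from the file when the
  # refreshTimeInterval (treated as seconds here) has elapsed.
  def collection
    now = @clock.call
    if @collection.nil? || now - @loaded_at >= (@collection['refreshTimeInterval'] || 0)
      reload
      @loaded_at = now
    end
    @collection
  end

  # Parse the YAML with safe_load (no arbitrary object deserialisation) and
  # fail loudly if the file or the named collection is not usable.
  def reload
    doc = YAML.safe_load(File.read(@path))
    collections = doc.is_a?(Hash) ? doc['secretsCollections'] : nil
    raise "no secretsCollections in #{@path}" unless collections.is_a?(Hash)
    found = collections[@collection_name]
    raise "collection #{@collection_name} not found in #{@path}" unless found.is_a?(Hash)
    @collection = found
    @load_count += 1
  end
end
```

With a clock that is advanced by hand, two lookups inside the interval read the file once, while a lookup after the interval reads it again, which is the caching behaviour the refreshTimeInterval field controls. A missing collection name is rejected before the file is opened, matching the page's statement that the connector fails when either value is absent.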

Configuration

This is its connection definition to embed into a calling connector's connection object.

Connection configuration for the YAML file secrets store connector. Replace the {{secretsStoreFileLocation}} placeholder with the path to the omsecrets file and {{secretsCollectionName}} with the name of the collection to use; both are string values.

{
    "connection" :
    {
        "class" : "Connection",
        "qualifiedName" : "Egeria:SecretsStoreConnector:YAML File Connection",
        "connectorType" :
        {
            "class" : "ConnectorType",
            "connectorProviderClassName" : "org.odpi.openmetadata.adapters.connectors.secretsstore.yaml.YAMLSecretsStoreProvider"
        },
        "endpoint" :
        {
            "class" : "Endpoint",
            "address" : "{{secretsStoreFileLocation}}"
        },
        "configurationProperties" :
        {
            "secretsCollectionName" : "{{secretsCollectionName}}"
        }
    }
}
