TriggerAuthentication : AWS Secret Manager should allow to pass "Secret key" as one of the parameter under secrets

[Tejasvihuded]

Report

There is no way I can pass "Secret key" under "awsSecretManager.secrets" section. When we actually create secret in AWS secret Manager it will have "Secret name" under which we will have "Key/Value" pairs.
For Example:

"Secret name" can be "keda-int" under which we will have "Key/Value" pairs ,something like.

Secret key | Secret value

userName | dummyuser
password | dummypass

For for above if I want to create "TriggerAuthentication",I want new parameter to pass {aws-secret-key},else there is no way we can say which Secret Key to use for each parameter

apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: sample
spec:
    podIdentity:             
      provider: aws               
    region: us-east-2                                                 
    secrets:                                                              
    - parameter: userName
      name: keda-int
      *key: {aws-secret-key}*
    - parameter: password
      name: keda-int   
      *key: {aws-secret-key}*

Expected Behavior

Need new "key" parameter under secrets section

Actual Behavior

There is no way we can pass "Secret Key" today under "Secret Name"

Steps to Reproduce the Problem

NA

Logs from KEDA operator

NA

KEDA Version

2.13.0

Kubernetes Version

1.28

Platform

Amazon Web Services

Scaler Details

postgresql

Anything else?

No response

[nrichardson-akasa]

This would be very helpful for me as well. We store username, password, and host in the AWS secret. Being able to pull all of them from one secret as opposed to having to create multiple secrets for each parameter would be great!

[JorTurFer]

Is it possible to have multiple secrets within the same AWS secret? It's an interesting feature tbh, are you willing to contribute with it?

[nrichardson-akasa]

@JorTurFer I've opened a preliminary PR with the changes I think are needed. I am not a Go developer, so I may be missing something. Also, I have not added any tests as the existing test did not seem to attempt to pull a secret. Open to comments/concerns!
#6031

[JorTurFer]

The PR is quite good. You can't test that part with unit tests as it depends on the AWS package but you can include an e2e test for it. You could extend the current e2e tests to cover this new feature. There are currently 2 e2e tests covering this service:

• https://github.com/kedacore/keda/blob/main/tests/secret-providers/aws_secretmanager/aws_secretmanager_test.go
• https://github.com/kedacore/keda/blob/main/tests/secret-providers/aws_secretmanager_pod_identity/aws_secretmanager_pod_identity_test.go

They do exactly the same, one using credentials and the other one using podIdentity. I think that just extending one of them could be enough (but if you are willing, updating both will keep them aligned xD)

[nrichardson-akasa]

Sounds good! I'll update my PR on Monday to include some tests then.

[nrichardson-akasa]

@JorTurFer I've went ahead and added 2 E2E tests (one for each file). Can you kick off the E2E tests? Once confirmed working, I will make a separate PR for the documentation changes