AWS Secrets Manager - JSON Secret Support #32143

Closed
@hreeder

Description

Component(s)

confmap/provider/secretsmanagerprovider

Is your feature request related to a problem? Please describe.

AWS Secrets Manager Secrets are often formatted as JSON but the current implementation expects that a secret is a single string.

Describe the solution you'd like

I propose adding a field parser of some form such that config may look like this:

my_config_val: ${secretsmanager:arn:aws:secretsmanager:us-east-1:123456789012:secret:SecretName-123abc#username}

The suggestion would be that #username could either be a naive field selector, or more advanced could look at being a JMESPath query.

How we'd like to use this would look like this:

receivers:
  azuremonitor:
    client_id: "${secretsmanager:secret-arn#client_id}"
    client_secret: "${secretsmanager:secret-arn#client_secret}"
    collection_interval: 60s
    initial_delay: 1s

In this case the Client ID & Client Secret are part of the same piece of data that we'd like to pull into our configuration and store together.

Describe alternatives you've considered

We can work around this right now by creating multiple secrets in AWS, however this means we cannot leverage rotation functionality built into the tool as we'd have to externally coordinate rotating multiple secrets.

Additional context

If this is accepted, I'd be happy to get involved and try and contribute this myself.
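
The naive `#field` selector proposed in the issue above, as an added Go example; it is not code from the issue or from secretsmanagerprovider. The helper names `splitURI` and `selectField` and the sample secret are assumptions, and the AWS fetch is left out, so the secret string is passed in directly.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// splitURI (hypothetical helper) splits "secretsmanager:<id>#<key>"; key is "" without a selector.
func splitURI(uri string) (string, string, error) {
	if !strings.HasPrefix(uri, "secretsmanager:") {
		return "", "", errors.New("not a secretsmanager URI")
	}
	id, key, hasKey := strings.Cut(strings.TrimPrefix(uri, "secretsmanager:"), "#")
	if id == "" || (hasKey && key == "") {
		return "", "", errors.New("empty secret id or field selector")
	}
	return id, key, nil
}

// selectField (hypothetical helper) returns the whole secret when key is empty,
// otherwise the named top-level string field. Errors never echo secret contents.
func selectField(secret, key string) (string, error) {
	if key == "" {
		return secret, nil
	}
	var fields map[string]json.RawMessage
	if err := json.Unmarshal([]byte(secret), &fields); err != nil {
		return "", errors.New("secret is not a JSON object")
	}
	raw, ok := fields[key]
	if !ok {
		return "", fmt.Errorf("field %q not found in secret", key)
	}
	var val *string // pointer distinguishes JSON null from an empty string
	if err := json.Unmarshal(raw, &val); err != nil || val == nil {
		return "", fmt.Errorf("field %q is not a string", key)
	}
	return *val, nil
}

func main() {
	// Constructed secret value; a real provider would fetch it from AWS.
	secret := `{"client_id":"example-id","client_secret":"example-secret"}`
	_, key, _ := splitURI("secretsmanager:secret-arn#client_id")
	val, err := selectField(secret, key)
	fmt.Println(val, err)
}
```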
