Open blimmer opened 11 months ago
I'm the author of cdk-datadog-integration, which provides AWS CDK constructs to set up Datadog integrations via these CloudFormation templates.
cdk-datadog-integration
In older versions of the CloudFormation template, I could pass the Datadog API Key as a Secrets Manager secret: https://github.com/DataDog/cloudformation-template/blob/53d9b7f5dccbf3b0049cbbb21ec6ea024fbb7327/aws/main.yaml#L19-L23
This allowed me to keep plain-text secrets out of the AWS CDK code, instead referencing it within Secrets Manager.
However, the new quickstart_v2 requires two secrets: APIKey and APPKey, neither of which can be passed as secrets.
APIKey
APPKey
Therefore, to update my construct to use the newer quickstart, users would have to hardcode APIKey and APPKey in plain-text, which is not ideal.
All CloudFormation parameters that could be considered sensitive should be passable via AWS Secrets Manager ARNs vs. hard-coded parameters.
These sensitive parameters must currently be passed as hard-coded strings.
N/A
Are there any updates regarding this?
Context
I'm the author of
cdk-datadog-integration
, which provides AWS CDK constructs to set up Datadog integrations via these CloudFormation templates.In older versions of the CloudFormation template, I could pass the Datadog API Key as a Secrets Manager secret: https://github.com/DataDog/cloudformation-template/blob/53d9b7f5dccbf3b0049cbbb21ec6ea024fbb7327/aws/main.yaml#L19-L23
This allowed me to keep plain-text secrets out of the AWS CDK code, instead referencing it within Secrets Manager.
However, the new quickstart_v2 requires two secrets:
APIKey
andAPPKey
, neither of which can be passed as secrets.Therefore, to update my construct to use the newer quickstart, users would have to hardcode
APIKey
andAPPKey
in plain-text, which is not ideal.Expected Behavior
All CloudFormation parameters that could be considered sensitive should be passable via AWS Secrets Manager ARNs vs. hard-coded parameters.
Actual Behavior
These sensitive parameters must currently be passed as hard-coded strings.
Steps to Reproduce the Problem
APPKey
andAPIKey
as strings.Specifications
Stacktrace
N/A