berosen
commented
1 year ago Hey all, I'd be interested in this feature as well and just wanted to add some further information as to why I see this as useful.
- Many orgs manage their infrastructure via terraform, this includes creating and managing secrets. Supporting secrets managed outside of Airbyte give users more control over secret naming conventions, secret encryption, as well as tag management.
- If external secrets are allowed, secret rotation is more flexible and seamless. The secret can be update at will without the need of any direct involvement of any Airbyte components. This allows for less organizational overhead. For example if a data team is running Airbyte in cloud account A and pulling data from a source located in cloud account B, the data team can create a secret in account A and share it out to account B so that team can rotate their credentials without needing access to the Airbyte UI or involving the team managing Airbyte. The vice versa is true if the team in account B wants to manage their own secret, it can be shared out to account A so that Airbyte can access it.
- For those who use the terraform provider for managing connections, sensitive information is stored within the terraform statefile. An external secret would negate this, providing better security.
I'd be happy to submit a PR for this as well!
octavia-squidington-iii
kenske
What area the feature impact?
Airbyte Platform
Revelant Information
It looks like you guys support writing to a secrets store for any secrets (#837), however, how do I set airbyte to read a secret from an existing secret store.
More specifically, I'm setting up a source that requires and API key, and I don't want to have my team type that API key in, I would like for them to just state the name of the existing secret in google secrets manager