Closed telday closed 1 year ago
orenbm
commented
3 years ago thanks for creating this issue @telday !
The secrets-provider uses the conjur-api-go for retrieving secrets so the fix will go there.
Just to clarify - to use this feature we need to add the new header and then base-64 decode each secret in the JSON object?
telday
commented
3 years ago @orenbm yes, that is the planned implementation, @izgeri recommended editing the go client requests to the batch secrets endpoint to use the new header and automatically decode the returned JSON
izgeri
commented
3 years ago @orenbm yup!
I think we would update the go client so that this request https://github.com/cyberark/conjur-api-go/blob/b3f7d8f046f8d48d072fa028217d1add8a5a294e/conjurapi/router_v5.go#L141 sends the header, and this method base64 decodes it: https://github.com/cyberark/conjur-api-go/blob/b3f7d8f046f8d48d072fa028217d1add8a5a294e/conjurapi/variable.go#L27
then the secrets provider would just have to bump its go client version.
orenbm
commented
3 years ago beauty!
izgeri
commented
3 years ago Note: the server was changed, so we'll actually want to change this to use v0.7.2 of the go client, to be released in https://github.com/cyberark/conjur-api-go/issues/102
Is your feature request related to a problem? Please describe.
The Go client was updated to retrieve batch secrets using the
Accept: base64header in order to avoid encoding errors in Conjur. This secrets provider should be updated to use the new version of the client which includes this update.Additional context
Here is the original issue referencing the use of secrets provider for k8s.