Description
Enhancement to provide for the common use case of looking for a specific key (password) out of the secret payload.
Often, though many different pieces of data are in the Secrets Manager JSON payload, the data the application is interested in is simply the password or secret at hand.
Look to add parity similar to how it works when retrieving directly from ECS/task definition.
Implementation details/concerns:
- As the payload would change should it be a different end point or just an additional query param?
- What type of validation and error codes would be needed for when the JSON key is not present?
Option 1:
Add a new simple query parameter
http://localhost:2773/secretsmanager/get?secretId=<YOUR_SECRET_ID>&jsonKey=password
(Less Ideal) Resulting payload BAU with new response key SecretKeyValue
{
  "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestSecret-a1b2c3",
  "Name": "MyTestSecret",
  "VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
  "SecretString": "{\"username\":\"diegor\",\"password\":\"EXAMPLE-PASSWORD\"}",
  "SecretKeyValue": "EXAMPLE-PASSWORD",
  "VersionStages": [
    "AWSCURRENT"
  ],
  "CreatedDate": 1523477145.713
}
(More Ideal) Resulting payload that breaks the contract of original query response
EXAMPLE-PASSWORD
Option 2:
Introduce a different endpoint to allow for different payload
http://localhost:2773/secretsmanager/<YOUR_SECRET_ID>/password
Resulting payload
EXAMPLE-PASSWORD
I am open to trying to help contribute if the issue is accepted.
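An added example, not part of the original issue and not the Secrets Manager Agent's own code: one way the `jsonKey` lookup and its failure cases could be validated, returning the bare value as in the "More Ideal" response. The function name `extract_json_key` and the 400/404 status codes are assumptions for discussion, and the sample response is constructed from the payload shown above.

```python
import json

# Constructed sample: the response shape shown in the issue, without SecretKeyValue.
SAMPLE_RESPONSE = json.dumps({
    "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestSecret-a1b2c3",
    "Name": "MyTestSecret",
    "VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "SecretString": "{\"username\":\"diegor\",\"password\":\"EXAMPLE-PASSWORD\"}",
    "VersionStages": ["AWSCURRENT"],
    "CreatedDate": 1523477145.713,
})


def extract_json_key(response_body, json_key):
    """Return (status, body) for a hypothetical jsonKey lookup.

    Status codes are assumptions, not the agent's behaviour. Error bodies
    name only the requested key and never echo any part of the secret.
    """
    response = json.loads(response_body)
    secret_string = response.get("SecretString")
    if secret_string is None:
        # Binary secrets carry SecretBinary instead, so there is no key to look up.
        return 400, "secret has no SecretString"
    try:
        payload = json.loads(secret_string)
    except json.JSONDecodeError:
        # Keep the exception out of the response: its .doc attribute holds the secret text.
        return 400, "SecretString is not valid JSON"
    if not isinstance(payload, dict):
        # Valid JSON that is not an object, e.g. a bare number or an array.
        return 400, "SecretString is not a JSON object"
    if json_key not in payload:
        return 404, f"key not found: {json_key!r}"
    value = payload[json_key]
    # Strings are returned raw; other JSON types stay JSON-encoded.
    return 200, value if isinstance(value, str) else json.dumps(value)
```
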