external-secrets icon indicating copy to clipboard operation
external-secrets copied to clipboard
verified publisher icon external-secrets

Add `SecureString` for `PushString` to AWS Parameter Store

Open meysam81 opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe. I'm baffled as to why this is not a customizable flag in the PushSecret.spec to set the parameter type for AWS SSM Parameter Store. This is the offending line:

https://github.com/external-secrets/external-secrets/blob/e32bc394258b9ed26eb3a9c364e80843e9c08906/pkg/provider/aws/parameterstore/parameterstore.go#L141

This should obviously be something the client should be able to customize, with the default of String if you really want it. But, nevertheless, it shouldn't be a hard-coded value.

Describe the solution you'd like I'd like to be able to modify the value to SecureString please. On the same topic, you should also be able to set the Parameter Tier of either Standard or Advanced. reference

Describe alternatives you've considered The alternative is to fork the repo and modify it to have the default hard-coded value of SecureString (cause I'm not a Go guy by any means :grimacing:).

Additional context nada

meysam81 avatar Apr 29 '24 03:04 meysam81

To whoever pick up this issue - this change should be done on SecretStore CRDs, where a flag can be set and then consumed (instead of the current hard coded value).

gusfcarvalho avatar May 01 '24 15:05 gusfcarvalho

For SecureString it would also require specifying the encryption KMS key ID for cases where a non-default key should be used.

crabique avatar May 23 '24 15:05 crabique

Can I work on this improvement?

vsantos avatar Jun 07 '24 20:06 vsantos

Sure. Go ahead!

Skarlso avatar Jun 08 '24 09:06 Skarlso

Nice work folks

DarrenBishop avatar Jun 23 '24 19:06 DarrenBishop