Skip to content

[Feature]: Implement AWS Secrets Manager Backend for Sensitive Values #21

New issue
New issue
Open
Feature
Open
[Feature]: Implement AWS Secrets Manager Backend for Sensitive Values#21
Feature
Labels
enhancementNew feature or requestgood first issueGood for newcomershelp wantedExtra attention is needed
@ritwik-g

Description

@ritwik-g
ritwik-g
opened on Feb 27, 2025

Title

[Feature]: Implement AWS Secrets Manager Backend for Sensitive Values

Problem Statement

After implementing the GCS backend for sensitive values, we need to expand support to other popular secret management systems. AWS Secrets Manager is a widely used service that many organizations rely on for managing their secrets.

Proposed Solution

Implement an AWS Secrets Manager backend for sensitive values:

  1. Create an AWS backend implementation:

    • Implement AWSValueBackend class that extends the ValueBackend interface
    • Add authentication and configuration for AWS Secrets Manager
    • Implement secure storage and retrieval of sensitive values

  2. Update the configuration schema:

    • Add AWS-specific configuration options to the backend_config schema
    • Document the required AWS permissions and setup

  3. Add CLI commands for AWS backend configuration:

    • Add options to configure AWS region, credentials, and other settings
    • Support various AWS authentication methods

  4. Update documentation:

    • Add user guide for configuring and using AWS Secrets Manager
    • Add examples and best practices

Implementation Details

The implementation will:

  1. Store sensitive values in AWS Secrets Manager with appropriate encryption
  2. Use reference-based approach where only references are stored in the config file
  3. Support automatic retrieval of sensitive values when needed
  4. Include proper error handling for AWS-specific errors
  5. Add comprehensive tests for the AWS backend

Dependencies

This feature depends on the implementation of the base sensitive values support with the GCS backend.

Additional Context

This is part of a series of backend implementations for sensitive values, including:

  • GCS
  • AWS Secrets Manager
  • Azure Key Vault
  • HashiCorp Vault
  • Git Secret

Each backend will be implemented as a separate task to maintain focus and allow for incremental releases.

Labels

  • enhancement
  • feature
  • security

Requirements

  • This feature aligns with the project's scope and goals
  • I've checked that this feature doesn't already exist
  • I've searched for existing feature requests

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestgood first issueGood for newcomershelp wantedExtra attention is needed

    Type

    Feature

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions