Uploaded image for project: 'Debezium'
  1. Debezium
  2. DBZ-4742

Cannot use Secrets in Debezium server connector config

    XMLWordPrintable

Details

    • Hide

      Given a file named `/tmp/secret_password.txt` containing:

      ```

      host=localhost

      ```

      Use the following application.properties settings:

      ```
      debezium.source.config.providers=file
      debezium.source.config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider
      debezium.source.database.hostname=${file:/tmp/secret_password.txt:host}
      ```
      Results in an exception from the source connector (the hostname remains as ${...}).

      Show
      Given a file named `/tmp/secret_password.txt` containing: ``` host=localhost ``` Use the following application.properties settings: ``` debezium.source.config.providers=file debezium.source.config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider debezium.source.database.hostname=${ file:/tmp/secret_password.txt:host } ``` Results in an exception from the source connector (the hostname remains as ${...}).

    Description

      Using Secrets is supported in the Kafka-connect Debezium by using a FileConfigProvider as described here: https://debezium.io/blog/2019/12/13/externalized-secrets/

      It seems that in Debezium embedded engine, and as a result Debezium server, the properties that are passed on to the connector are the raw properties and not the result of the interpolation. As a result, we cannot useĀ  FileConfigProvider for secrets externalization in Debezium server for source connectors.

      Attachments

        Activity

          People

            Unassigned Unassigned
            zalmane Oren Elias
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: