Uploaded image for project: 'Debezium'
  1. Debezium
  2. DBZ-4742

Cannot use Secrets in Debezium server connector config

XMLWordPrintable

    • False
    • False
    • Hide

      Given a file named `/tmp/secret_password.txt` containing:

      ```

      host=localhost

      ```

      Use the following application.properties settings:

      ```
      debezium.source.config.providers=file
      debezium.source.config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider
      debezium.source.database.hostname=${file:/tmp/secret_password.txt:host}
      ```
      Results in an exception from the source connector (the hostname remains as ${...}).

      Show
      Given a file named `/tmp/secret_password.txt` containing: ``` host=localhost ``` Use the following application.properties settings: ``` debezium.source.config.providers=file debezium.source.config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider debezium.source.database.hostname=${ file:/tmp/secret_password.txt:host } ``` Results in an exception from the source connector (the hostname remains as ${...}).

      Using Secrets is supported in the Kafka-connect Debezium by using a FileConfigProvider as described here: https://debezium.io/blog/2019/12/13/externalized-secrets/

      It seems that in Debezium embedded engine, and as a result Debezium server, the properties that are passed on to the connector are the raw properties and not the result of the interpolation. As a result, we cannot useĀ  FileConfigProvider for secrets externalization in Debezium server for source connectors.

              Unassigned Unassigned
              zalmane Oren Elias (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: