Skip to content

feat: allow secrets collector to retreive all key data if specified #1801

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: allow secrets collector to retreive all key data if specified #1801

wants to merge 3 commits into from

Conversation

diamonwiggins
Copy link
Member

Description

This PR adds a new includeAllData field to the secrets collector that allows collecting all key-value pairs from a Kubernetes secret, similar to the existing functionality in the ConfigMap collector.

Problem

Previously, the secrets collector could only:

  • Collect secret metadata (existence, basic info)
  • Collect a specific key's value using key + includeValue

Users requested the ability to collect all key-value pairs from a secret without having to specify each key individually.

Solution

Added includeAllData boolean field that when set to true:

  • Populates a data map with all secret key-value pairs (converted from []byte to string)
  • Simplifies logic by making includeAllData take precedence over key-specific collection
  • Uses consistent filename patterns (no key suffix when collecting all data)
  • Follows the same pattern as the existing ConfigMap collector for consistency

Checklist

  • New and existing tests pass locally with introduced changes.
  • Tests for the changes have been added (for bug fixes / features)
  • The commit message(s) are informative and highlight any breaking changes
  • Any documentation required has been added/updated.

Does this PR introduce a breaking change?

  • Yes
  • No

Usage Examples

# Collect all key-value pairs from a specific secret
- secret:
    name: my-app-config
    namespace: default
    includeAllData: true

# Collect all data from secrets matching a selector
- secret:
    namespace: default
    selector: ["app=my-app"]
    includeAllData: true

Output Format

With includeAllData: true, the JSON output includes a data field:

{
  "namespace": "default",
  "name": "my-app-config", 
  "secretExists": true,
  "data": {
    "database-password": "supersecret123",
    "api-key": "abc123xyz",
    "jwt-secret": "my-signing-key"
  }
}

Traditional key-specific collection remains unchanged:

{
  "namespace": "default",
  "name": "my-app-config",
  "key": "api-key", 
  "secretExists": true,
  "keyExists": true,
  "value": "abc123xyz"
}

@diamonwiggins diamonwiggins requested a review from a team as a code owner June 27, 2025 20:36
@diamonwiggins diamonwiggins added the type::feature New feature or request label Jun 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
type::feature New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@diamonwiggins