Thanks for the question. I tried to find a way that would work using the existing framework. Specifically, I looked into using the annotation that is partially implemented in the connector code base. That annotation relies on the getSecret method.
However, I don’t see a way to make this work for wrapped connectors, like the Kafka Connect Adapter mentioned in the PIP. In that case, the wrapped connector will have arbitrary secrets that we cannot know at compile time. As such, I think we need a framework change that gives users arbitrarily map in secrets at runtime. Thanks, Michael On Fri, Jul 28, 2023 at 7:42 PM Neng Lu <nl...@apache.org> wrote: > Hi Michael, > > Thanks for writing the PIP for the connector secret issue. > > One question I have is why not reusing the `context.getSecret()` method > inside connectors to get sensitive values. > > In this way, no API/framework changes are needed and all we need to do is > update each connector to get the secret value with `context.getSecret()` > first. If nothing provided, then fall back to the plain text way. > > What do you think? > > On 2023/07/28 21:59:57 Michael Marshall wrote: > > Hi Pulsar Community, > > > > This is the discussion thread for PIP > > https://github.com/apache/pulsar/pull/20903. > > > > This PIP will help improve Pulsar Connector Security by giving users > > the ability to remove all plaintext secrets from their configurations. > > > > Thanks, > > Michael > > >
