Skip to content

feat: Add plain text secret support for AWS Secrets Manager#711

Open
vlsi wants to merge 1 commit intoargoproj-labs:mainfrom
vlsi:aws_secretstring
Open

feat: Add plain text secret support for AWS Secrets Manager#711
vlsi wants to merge 1 commit intoargoproj-labs:mainfrom
vlsi:aws_secretstring

Conversation

@vlsi
Copy link

@vlsi vlsi commented Dec 9, 2025

Description

AWS Secrets Manager natively supports plain text secrets, but the plugin was forcing JSON parsing which caused plain text secrets to fail.

This change allows retrieving plain text secrets using the SecretString key, while maintaining full backward compatibility with existing JSON and binary secret handling.

AWS uses SecretString already, so it sounds fair to use it for AVP as well: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html

Changes:

  • Modified GetSecrets to gracefully handle non-JSON secret strings
  • Added SecretString key for plain text secret access
  • Added comprehensive test coverage for plain text scenarios
  • Updated documentation with usage examples

Fixes: #710

Checklist

Please make sure that your PR fulfills the following requirements:

  • Reviewed the guidelines for contributing to this repository
  • The commit message follows the Conventional Commits Guidelines.
  • Tests for the changes have been updated
  • Are you adding dependencies? If so, please run go mod tidy -compat=1.22.7 to ensure only the minimum is pulled in.
  • Docs have been added / updated
  • Optional. My organization is added to USERS.md.

Type of Change

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • New tests
  • Build/CI related changes
  • Documentation content changes
  • Other (please describe)

Other information

🤖 Generated with Claude Code

@vlsi vlsi requested review from jkayani and werne2j as code owners December 9, 2025 15:58
@vlsi vlsi force-pushed the aws_secretstring branch 2 times, most recently from 28b1586 to 9ffc89e Compare December 9, 2025 16:05
@vlsi
feat: Add plain text secret support for AWS Secrets Manager
cf97d7e 
AWS Secrets Manager natively supports plain text secrets, but the plugin
was forcing JSON parsing which caused plain text secrets to fail.

This change allows retrieving plain text secrets using the SecretString
key, while maintaining full backward compatibility with existing JSON
and binary secret handling.

Changes:
- Modified GetSecrets to gracefully handle non-JSON secret strings
- Added SecretString key for plain text secret access
- Added comprehensive test coverage for plain text scenarios
- Updated documentation with usage examples

Fixes argoproj-labs#710

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: Vladimir Sitnikov <sitnikov.vladimir@gmail.com>
@vlsi vlsi force-pushed the aws_secretstring branch from 9ffc89e to cf97d7e Compare December 9, 2025 16:05
@vlsi
Copy link
Author

vlsi commented Jan 26, 2026

A gentle ping. Could anyone please have a look over the PR?
Argo Vault Plugin can't handle "plain" (non-json) secrets in AWS which is a limitation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@werne2j werne2j Awaiting requested review from werne2j werne2j is a code owner

@jkayani jkayani Awaiting requested review from jkayani jkayani is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vlsi