This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel.git
commit b3b1695f384dbdf152100bcc4ab9433d4c642fbd Author: Andrea Cosentino <anco...@gmail.com> AuthorDate: Thu Sep 22 17:50:08 2022 +0200 Camel Google Secret Manager: Added docs related to Secret Refresh and camel context reload --- .../main/docs/google-secret-manager-component.adoc | 49 +++++++++++++++++++++- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc b/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc index 6889d3ca727..65d5e5b565e 100644 --- a/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc +++ b/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc 
@@ -230,12 +230,57 @@ This approach will return the route secret value with version '1' or default val This approach will return the username field of the database secret with version '1' or admin in case the secret doesn't exist or the version doesn't exist. -NOTE: For the moment we are not considering the rotation function, if any will be applied, but it is in the work to be done. - There are only two requirements: - Adding `camel-google-secret-manager` JAR to your Camel application. - Give the service account used permissions to do operation at secret management level (for example accessing the secret payload, or being admin of secret manager service) +=== Automatic Camel context reloading on Secret Refresh + +Being able to reload Camel context on a Secret Refresh, could be done by specifying the usual credentials (the same used for Google Secret Manager Property Function). + +With Environment variables: + +[source,bash] +---- +export $CAMEL_VAULT_GCP_USE_DEFAULT_INSTANCE=true +export $CAMEL_VAULT_GCP_PROJECT_ID=projectId +---- + +or as plain Camel main properties: + +[source,properties] +---- +camel.vault.gcp.useDefaultInstance = true +camel.vault.aws.projectId = projectId +---- + +Or by specifying a path to a service account key file, instead of using the default instance. + +To enable the automatic refresh you'll need additional properties to set: + +[source,properties] +---- +camel.vault.gcp.projectId= projectId +camel.vault.gcp.refreshEnabled=true +camel.vault.gcp.refreshPeriod=60000 +camel.vault.gcp.secrets=hello* +camel.vault.gcp.subscriptionName=subscriptionName +camel.main.context-reload-enabled = true +---- + +where `camel.vault.gcp.refreshEnabled` will enable the automatic context reload, `camel.vault.gcp.refreshPeriod` is the interval of time between two different checks for update events and `camel.vault.gcp.secrets` is a regex representing the secrets we want to track for updates. 
+ +Note that `camel.vault.gcp.secrets` is not mandatory: if not specified the task responsible for checking updates events will take into accounts or the properties with an `gcp:` prefix. + +The `camel.vault.gcp.subscriptionName` is the subscription name created in relation to the Google PubSub topic associated with the tracked secrets. + +This mechanism while make use of the notification system related to Google Secret Manager: through this feature, every secret could be associated to one up to ten Google Pubsub Topics. These topics will receive +events related to life cycle of the secret. + +There are only two requirements: +- Adding `camel-google-secret-manager` JAR to your Camel application. +- Give the service account used permissions to do operation at secret management level (for example accessing the secret payload, or being admin of secret manager service and also have permission over the Pubsub service) + === Google Secret Manager Producer operations Google Functions component provides the following operation on the producer side:
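Review bot: In the new "Automatic Camel context reloading on Secret Refresh" section, the plain-properties example sets `camel.vault.aws.projectId = projectId`, which uses the AWS vault prefix in the GCP component doc; it should be `camel.vault.gcp.projectId`, matching the refresh properties block further down. In the bash example, `export $CAMEL_VAULT_GCP_USE_DEFAULT_INSTANCE=true` and `export $CAMEL_VAULT_GCP_PROJECT_ID=projectId` carry a leading `$`, so the shell expands the variable name instead of assigning to it; drop the `$` on both lines. The hunk also leaves the existing "There are only two requirements" list in place and adds a second, slightly different one at the end of the new section, so the rendered page will show the requirements twice; keep one list and fold the Pubsub permission into it. On that requirement, the text offers "being admin of secret manager service" as the example permission; since the refresh task only needs to read the secret payload and consume the subscription, the doc should name that minimum rather than suggest admin for the service account. Wording to fix while here: "This mechanism while make use" should be "will make use", "take into accounts or the properties with an `gcp:` prefix" does not parse, and `camel.vault.gcp.projectId= projectId` has inconsistent spacing around `=` compared with the other lines in that block.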