You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ac...@apache.org on 2022/03/01 17:15:06 UTC
[camel] branch main updated (31d7044 -> a118f6e)
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git.
from 31d7044 CAMEL-17728: camel-quarz - Remove option that was no longer in use.
new f88b1b3 CAMEL-17684 - Support ability to load properties from Vault/Secrets cloud services - GCP Secrets Manager
new a118f6e CAMEL-17684 - Support ability to load properties from Vault/Secrets cloud services - GCP Secrets Manager
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../main/docs/google-secret-manager-component.adoc | 92 +++++++++++++++++++++
docs/user-manual/modules/ROOT/pages/security.adoc | 94 ++++++++++++++++++++++
2 files changed, 186 insertions(+)
[camel] 01/02: CAMEL-17684 - Support ability to load properties from Vault/Secrets cloud services - GCP Secrets Manager
Posted by ac...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
commit f88b1b35a83b4e1cf2a4919976044a18946cf62b
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Tue Mar 1 18:11:15 2022 +0100
CAMEL-17684 - Support ability to load properties from Vault/Secrets cloud services - GCP Secrets Manager
---
docs/user-manual/modules/ROOT/pages/security.adoc | 94 +++++++++++++++++++++++
1 file changed, 94 insertions(+)
diff --git a/docs/user-manual/modules/ROOT/pages/security.adoc b/docs/user-manual/modules/ROOT/pages/security.adoc
index 8823024..cbdeb85 100644
--- a/docs/user-manual/modules/ROOT/pages/security.adoc
+++ b/docs/user-manual/modules/ROOT/pages/security.adoc
@@ -64,6 +64,7 @@ Camel also support accessing the secured configuration from an external vault sy
The following _Vaults_ are supported by Camel:
* xref:components::aws-secrets-manager-component.adoc[AWS Secrets Manager]
+* xref:components::google-secret-manager-component.adoc[Google Secret Manager]
==== Using AWS Vault
@@ -160,3 +161,96 @@ NOTE: For the moment we are not considering the rotation function, if any will b
The only requirement is adding `camel-aws-secrets-manager` JAR to your Camel application.
+==== Using GCP Vault
+
+To use GCP Secret Manager you need to provide _serviceAccountKey_ file and GCP _projectId_.
+This can be done using environmental variables before starting the application:
+
+[source,bash]
+----
+export $CAMEL_VAULT_GCP_SERVICE_ACCOUNT_KEY=file:////path/to/service.accountkey
+export $CAMEL_VAULT_GCP_PROJECT_ID=projectId
+----
+
+You can also configure the credentials in the `application.properties` file such as:
+
+[source,properties]
+----
+camel.vault.gcp.serviceAccountKey = accessKey
+camel.vault.gcp.projectId = secretKey
+----
+
+At this point you'll be able to reference a property in the following way by using `gcp:` as prefix in the `{{ }}` syntax:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <to uri="{{gcp:route}}"/>
+ </route>
+</camelContext>
+----
+
+Where `route` will be the name of the secret stored in the GCP Secret Manager Service.
+
+You could specify a default value in case the secret is not present on GCP Secret Manager:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <to uri="{{gcp:route:default}}"/>
+ </route>
+</camelContext>
+----
+
+In this case if the secret doesn't exist, the property will fallback to "default" as value.
+
+Also, you are able to get particular field of the secret, if you have for example a secret named database of this form:
+
+[source,json]
+----
+{
+ "username": "admin",
+ "password": "password123",
+ "engine": "postgres",
+ "host": "127.0.0.1",
+ "port": "3128",
+ "dbname": "db"
+}
+----
+
+You're able to do get single secret value in your route, like for example:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <log message="Username is {{gcp:database/username}}"/>
+ </route>
+</camelContext>
+----
+
+Or re-use the property as part of an endpoint.
+
+You could specify a default value in case the particular field of secret is not present on GCP Secret Manager:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <log message="Username is {{gcp:database/username:admin}}"/>
+ </route>
+</camelContext>
+----
+
+In this case if the secret doesn't exist or the secret exists, but the username field is not part of the secret, the property will fallback to "admin" as value.
+
+NOTE: For the moment we are not considering the rotation function, if any will be applied, but it is in the work to be done.
+
+The only requirement is adding `camel-google-secret-manager` JAR to your Camel application.
+
[camel] 02/02: CAMEL-17684 - Support ability to load properties from Vault/Secrets cloud services - GCP Secrets Manager
Posted by ac...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
commit a118f6e01040011e85a410cf8d4564c89bbfa046
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Tue Mar 1 18:13:03 2022 +0100
CAMEL-17684 - Support ability to load properties from Vault/Secrets cloud services - GCP Secrets Manager
---
.../main/docs/google-secret-manager-component.adoc | 92 ++++++++++++++++++++++
1 file changed, 92 insertions(+)
diff --git a/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc b/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc
index 55f8f03..751dc27 100644
--- a/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc
+++ b/components/camel-google/camel-google-secret-manager/src/main/docs/google-secret-manager-component.adoc
@@ -84,6 +84,98 @@ include::partial$component-endpoint-options.adoc[]
// endpoint options: END
+==== Using GCP Secret Manager Properties Source
+
+To use GCP Secret Manager you need to provide _serviceAccountKey_ file and GCP _projectId_.
+This can be done using environmental variables before starting the application:
+
+[source,bash]
+----
+export $CAMEL_VAULT_GCP_SERVICE_ACCOUNT_KEY=file:////path/to/service.accountkey
+export $CAMEL_VAULT_GCP_PROJECT_ID=projectId
+----
+
+You can also configure the credentials in the `application.properties` file such as:
+
+[source,properties]
+----
+camel.vault.gcp.serviceAccountKey = accessKey
+camel.vault.gcp.projectId = secretKey
+----
+
+At this point you'll be able to reference a property in the following way by using `gcp:` as prefix in the `{{ }}` syntax:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <to uri="{{gcp:route}}"/>
+ </route>
+</camelContext>
+----
+
+Where `route` will be the name of the secret stored in the GCP Secret Manager Service.
+
+You could specify a default value in case the secret is not present on GCP Secret Manager:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <to uri="{{gcp:route:default}}"/>
+ </route>
+</camelContext>
+----
+
+In this case if the secret doesn't exist, the property will fallback to "default" as value.
+
+Also, you are able to get particular field of the secret, if you have for example a secret named database of this form:
+
+[source,json]
+----
+{
+ "username": "admin",
+ "password": "password123",
+ "engine": "postgres",
+ "host": "127.0.0.1",
+ "port": "3128",
+ "dbname": "db"
+}
+----
+
+You're able to do get single secret value in your route, like for example:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <log message="Username is {{gcp:database/username}}"/>
+ </route>
+</camelContext>
+----
+
+Or re-use the property as part of an endpoint.
+
+You could specify a default value in case the particular field of secret is not present on GCP Secret Manager:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <log message="Username is {{gcp:database/username:admin}}"/>
+ </route>
+</camelContext>
+----
+
+In this case if the secret doesn't exist or the secret exists, but the username field is not part of the secret, the property will fallback to "admin" as value.
+
+NOTE: For the moment we are not considering the rotation function, if any will be applied, but it is in the work to be done.
+
+The only requirement is adding `camel-google-secret-manager` JAR to your Camel application.
=== Google Secret Manager Producer operations