Skip to content

[Enhancement] Manual Secret Refresh #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mariom3 opened this issue Jul 24, 2020 · 4 comments
Closed

[Enhancement] Manual Secret Refresh #23

mariom3 opened this issue Jul 24, 2020 · 4 comments
Labels
enhancement New feature or request

Comments

@mariom3
Copy link

mariom3 commented Jul 24, 2020

It would be useful to be able to manually refresh a secret. I've forked the project and have made changes so I can use it myself in a custom version. I'm curious to hear if there's a better way. If that is useful here, I can open a PR with my changes. Here is what I did:

Use Case

Say some credentials need to be validated against that in AWS secrets manager. Using this library, the encapsulating application will usually get cached values if available, which is good. However, if the secret that is being validated does not match what this library's cache has, it would be useful to then manually refresh. This way one would be ensuring the secret is validated against the latest when needed without having to lower the refresh interval.

With the modifications below one can run:

if validation_failed:
    cache.refresh_secret('secret_name')
    validate(my_secret, 'secret_name')

Modifications

Add manual_refresh() to SecretCacheObject in cache/items.py:

def manual_refresh(self):
    """Refresh the cached object manually.

    :rtype: None
    :return: None
    """
    self._refresh_needed = False
    try:
        self._set_result(self._execute_refresh())
        self._exception = None
        self._exception_count = 0
    except Exception as e:
        self._exception = e
        delay = self._config.exception_retry_delay_base * (
            self._config.exception_retry_growth_factor ** self._exception_count
        )
        self._exception_count += 1
        delay = min(delay, self._config.exception_retry_delay_max)
        self._next_retry_time = datetime.utcnow() + timedelta(milliseconds=delay)

Add refresh_secret() to SecretCache in secret_cache.py:

def refresh_secret(self, secret_id):
    """Refresh the given secret.

    :type secret_id: str
    :param secret_id: The secret identifier

    :rtype: None
    :return: None
    """
    secret_object = self._get_cached_secret(secret_id)
    secret_object.manual_refresh()
@mariom3 mariom3 changed the title Manual Secret Refresh [Enhancement] Manual Secret Refresh Jul 24, 2020
@parimaldeshmukh
Copy link
Contributor

Thank you for your feedback. We have noted this as a feature request.

@parimaldeshmukh parimaldeshmukh added the enhancement New feature or request label May 17, 2021
@viveksinghtt
Copy link

Is there an update to this? Is this implemented now?

@johnbumgardner
Copy link

is anyone working on this?

@jbct
Copy link

jbct commented Apr 18, 2023

Closing as a duplicate of #16. While this isn't actively being worked at the moment, we do have it on our list.

@jbct jbct closed this as completed Apr 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@parimaldeshmukh @jbct @viveksinghtt @mariom3 @johnbumgardner