Skip to content

Add implementation plan for cloud secret manager support (Issue #23) #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
moosebay wants to merge 2 commits into from
Closed

Add implementation plan for cloud secret manager support (Issue #23) #27

moosebay wants to merge 2 commits into from
+1,140 −27

Conversation

@moosebay
Copy link
Contributor

@moosebay moosebay commented Feb 8, 2026

Covers architecture, file changes, testing strategy, and phasing for
adding {{#gcp:...}}, {{#aws:...}}, {{#azure:...}} secret references
to the expression/interpolation engine.

https://claude.ai/code/session_01K9aguf3SXNiy25vwT3wBkA

claude added 2 commits February 8, 2026 20:57
@claude
Add implementation plan for cloud secret manager support (Issue #23)
15bfe53 
Covers architecture, file changes, testing strategy, and phasing for
adding {{#gcp:...}}, {{#aws:...}}, {{#azure:...}} secret references
to the expression/interpolation engine.

https://claude.ai/code/session_01K9aguf3SXNiy25vwT3wBkA
@claude
feat: add cloud secret manager support for expression interpolation
6c2ba05 
Implements infrastructure for resolving cloud secrets in {{}} template
expressions (Issue #23). Adds GCP Secret Manager support with #gcp:
prefix and optional #fragment JSON field extraction.

New packages:
- secretresolver: SecretResolver interface, ParseSecretRef, ExtractFragment
- secretresolver/gcpsecret: GCP Secret Manager implementation with caching

Expression package changes:
- Add #gcp:, #aws:, #azure: prefix recognition to resolveVar() dispatch
- Thread context.Context through interpolation for network calls
- Add SecretReferenceError type with provider/ref/fragment fields
- Add WithSecretResolver() builder on UnifiedEnv
- Mask secret values as "***" in variable tracking

Wiring:
- Add SecretResolver field to FlowNodeRequest
- Pass resolver through FlowLocalRunner -> FlowNodeRequest -> nodes
- Wire into request node (sync + async) and AI node
- Use variadic parameter in PrepareHTTPRequestWithTracking for
  backward-compatible secret resolver injection

Tests:
- Unit tests for fragment extraction, reference parsing, multi-resolver
- Expression tests with mock SecretResolver (GCP, AWS, Azure prefixes)
- Integration test skeleton behind gcp_integration build tag

Note: go.mod adds cloud.google.com/go/secretmanager dependency.
Run `go mod tidy` with network access to update go.sum.

https://claude.ai/code/session_01K9aguf3SXNiy25vwT3wBkA
@moosebay
Copy link
Contributor Author

moosebay commented Feb 9, 2026

Closing in favor of new PR with renamed branch (feat/ prefix) and squashed commits.

@moosebay moosebay closed this Feb 9, 2026
@moosebay moosebay deleted the claude/plan-issue-23-hGNnf branch February 9, 2026 07:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@moosebay @claude