Merged
Expand Up @@ -15,10 +15,12 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) OWASP Foundation. All Rights Reserved.
type: object
allOf:
- $ref: "../paginated-response.yaml"
properties:
secrets:
type: array
items:
$ref: "./list-secrets-response-item.yaml"
$ref: "./secret-metadata.yaml"
required:
- secrets
Comment thread
nscuro marked this conversation as resolved.
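--- a/api/src/main/openapi/paths/secrets.yaml
+++ b/api/src/main/openapi/paths/secrets.yaml
@@ -15,20 +15,27 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
 get:
-operationId: listSecrets
-summary: List all secrets
-description: >-
-Returns a list of secrets.
-
-* Does not include secret *values*, only metadata.
-* Does not support pagination.
+operationId: listSecretMetadata
+summary: List secret metadata
+description: |-
+Returns a paginated list of secret metadata.
 
-Requires the `SECRET_MANAGEMENT` or `SECRET_MANAGEMENT_READ` permission.
+Requires the `SYSTEM_CONFIGURATION` or `SYSTEM_CONFIGURATION_READ` permission.
 tags:
 - Secrets
+parameters:
+- name: q
+description: >-
+Optional search text to filter secrets by.
+Filtering uses case-insensitive "starts with" semantics on the secret name.
+in: query
+schema:
+type: string
+- $ref: "../components/parameters/page-token.yaml"
+- $ref: "../components/parameters/pagination-limit.yaml"
 responses:
 "200":
-description: List of secrets
+description: Paginated list of secret metadata
 content:
 application/json:
 schema: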
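Review bot: The description of `listSecretMetadata` now requires `SYSTEM_CONFIGURATION` or `SYSTEM_CONFIGURATION_READ`, so a principal holding only `SECRET_MANAGEMENT` (described in the Permissions enum as "full secret management access") can apparently create, update and delete secrets but not list them, while every holder of `SYSTEM_CONFIGURATION_READ` gains visibility of secret names and metadata. If that split is intended, state it in the description and the release notes so operators can re-check who holds `SYSTEM_CONFIGURATION_READ`; the same applies to `getSecretMetadata` in `secrets__name_.yaml`. The enum constant `SECRET_MANAGEMENT_READ` is removed in the same change, so existing grants of it presumably need a migration, which is not visible on this page. Separately, the `q` parameter's schema has no length bound; adding `maxLength: 255` (value illustrative) would keep oversized search text out of the query layer.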
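--- a/api/src/main/openapi/paths/secrets__name_.yaml
+++ b/api/src/main/openapi/paths/secrets__name_.yaml
@@ -14,6 +14,38 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+get:
+operationId: getSecretMetadata
+summary: Get secret metadata
+description: |-
+Returns metadata about a given secret.
+
+Requires the `SYSTEM_CONFIGURATION` or `SYSTEM_CONFIGURATION_READ` permission.
+tags:
+- Secrets
+parameters:
+- name: name
+in: path
+description: The name of the secret
+required: true
+schema:
+$ref: "../components/schemas/secrets/secret-name.yaml"
+responses:
+"200":
+description: Secret metadata
+content:
+application/json:
+schema:
+$ref: "../components/schemas/secrets/secret-metadata.yaml"
+"401":
+$ref: "../components/responses/generic-unauthorized-error.yaml"
+"403":
+$ref: "../components/responses/generic-forbidden-error.yaml"
+"404":
+$ref: "../components/responses/generic-not-found-error.yaml"
+default:
+$ref: "../components/responses/generic-error.yaml"
+
 patch:
 operationId: updateSecret
 summary: Update a secret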
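Review bot: The description of `getSecretMetadata` does not state that the secret value is never part of the response. The list operation's old description carried that guarantee (`Does not include secret *values*, only metadata.`), and this change drops it there as well. For an API that fronts stored credentials this is the contract clients and auditors look for, so I would add a line such as `Does not include the secret *value*, only metadata.` under the first sentence of both descriptions. Whether `secret-metadata.yaml` can ever carry a value field cannot be checked from this page, since that schema file is not shown.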
Expand Up @@ -53,7 +53,6 @@ public enum Permissions {
ACCESS_MANAGEMENT_DELETE("Allows delete permissions of users, teams, and API keys"),
SECRET_MANAGEMENT("Grants full secret management access"),
SECRET_MANAGEMENT_CREATE("Grants the ability to create secrets"),
SECRET_MANAGEMENT_READ("Grants the ability to view secret metadata"),
SECRET_MANAGEMENT_UPDATE("Grants the ability to update secrets"),
SECRET_MANAGEMENT_DELETE("Grants the ability to delete secrets"),
SYSTEM_CONFIGURATION("Allows all access to configuration of the system including notifications, repositories, and email settings"),
Expand Down Expand Up @@ -109,7 +108,6 @@ public static class Constants {
public static final String ACCESS_MANAGEMENT_DELETE = "ACCESS_MANAGEMENT_DELETE";
public static final String SECRET_MANAGEMENT = "SECRET_MANAGEMENT";
public static final String SECRET_MANAGEMENT_CREATE = "SECRET_MANAGEMENT_CREATE";
public static final String SECRET_MANAGEMENT_READ = "SECRET_MANAGEMENT_READ";
public static final String SECRET_MANAGEMENT_UPDATE = "SECRET_MANAGEMENT_UPDATE";
public static final String SECRET_MANAGEMENT_DELETE = "SECRET_MANAGEMENT_DELETE";
public static final String SYSTEM_CONFIGURATION = "SYSTEM_CONFIGURATION";

This file was deleted.

This file was deleted.
