Add SecureStore method to get just the secret data

Description

The SecureStore interface used by applications has a method to get both the metadata and the secret content in a single call:

This mirrors the SecretManager interface in securestore-spi, which only has a single method to get both the metadata and content.

However, the securekeys API separates out the metadata and content into separate APIs:

In application contexts, the SecureStore interface is usually backed by RemoteSecureStore, which needs to make 2 REST calls in order to return the SecureStoreData object. If the underlying SecretManager implementation needs to fetch both metadata and data in separate calls, then that single SecureStore.get() call in the program results in 4 external calls (2 REST calls in RemoteSecureStore, each of which requires 2 external calls).

All our current applications only require the data and don't read the metadata. As such, it would be better to extend the SecretManager SPI to have separate methods for getting data and metadata, and to also have separate methods in the SecureStore API.
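The call fan-out described above can be modelled with a counting backend. This is an added illustration, not code from the project: every class and method name in it (Backend, CombinedManager, SplitManager, getData, getMetadata, remoteGetCombined, remoteGetData) is hypothetical, and it assumes a backend that serves metadata and content through separate calls.

```java
import java.nio.charset.StandardCharsets;
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration; all names are hypothetical and do not reflect the project's real API.
public class SecureStoreCallCount {
  // Stand-in for an external secret backend that stores metadata and content separately.
  static class Backend {
    final AtomicInteger calls = new AtomicInteger();
    String fetchMetadata(String name) { calls.incrementAndGet(); return "description of " + name; }
    byte[] fetchContent(String name) {
      calls.incrementAndGet();
      return "constructed-sample-value".getBytes(StandardCharsets.UTF_8);
    }
  }

  record Secret(String metadata, byte[] content) {}

  // Combined SPI shape: the only read method returns metadata and content together.
  static class CombinedManager {
    final Backend backend;
    CombinedManager(Backend backend) { this.backend = backend; }
    Secret get(String name) {
      return new Secret(backend.fetchMetadata(name), backend.fetchContent(name));
    }
  }

  // Split SPI shape proposed in the issue: each part can be read on its own.
  static class SplitManager extends CombinedManager {
    SplitManager(Backend backend) { super(backend); }
    String getMetadata(String name) { return backend.fetchMetadata(name); }
    byte[] getData(String name) { return backend.fetchContent(name); }
  }

  // Remote client over the combined SPI: two REST endpoints, and each one can only
  // call get(), so each fetches both parts and discards the half it does not serve.
  static byte[] remoteGetCombined(CombinedManager manager, String name) {
    String metadata = manager.get(name).metadata(); // metadata endpoint
    return manager.get(name).content();             // content endpoint
  }

  // Remote client over the split SPI: a data-only read touches the backend once.
  static byte[] remoteGetData(SplitManager manager, String name) {
    return manager.getData(name);
  }

  public static void main(String[] args) {
    Backend combined = new Backend();
    remoteGetCombined(new CombinedManager(combined), "db-password");
    Backend split = new Backend();
    remoteGetData(new SplitManager(split), "db-password");
    System.out.println("combined get(): " + combined.calls.get() + " backend calls");
    System.out.println("data-only read: " + split.calls.get() + " backend call(s)");
  }
}
```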

Release Notes

Removed duplicate backend calls when a program reads from the secure store.

Activity

Albert Shau, April 3, 2023 at 7:17 PM

Fixed

Details

Triaged

Yes

Created March 30, 2023 at 5:51 PM
Updated October 26, 2023 at 10:10 PM
Resolved April 24, 2023 at 4:08 PM