Support both plain text and JSON format for Secrets Manager API key #698
Conversation
- Modify get_api_key() to first treat Secrets Manager value as plain text
- If the value looks like JSON (starts with '{' and ends with '}'), parse it and look for common keys (DD_API_KEY, DATADOG_API_KEY)
- If JSON parsing fails or no common key is found, fall back to plain text
- Add test cases for both plain text and JSON formats
|
Thanks for the PR, this is great! However this code path is only taken when the user is not using the datadog lambda extension (which is the default for the last ~3 years), and only when the user is sending custom metrics with the Wanna write some rust? I think we should add this to the extension and release it at the same time as this change. |
|
Thanks! https://docs.datadoghq.com/ja/serverless/aws_lambda/instrumentation/python/?tab=containerimage This documentation appears to be up-to-date, but is this method no longer recommended? |
2 participants
What does this PR do?
This PR enhances the
get_api_key()function to support both plain text and JSON format values from AWS Secrets Manager. Previously, the function only supported plain text values. Now it can handle:DD_API_KEYorDATADOG_API_KEYThe function first treats the secret value as plain text. If the value looks like JSON (starts with
{and ends with}), it attempts to parse it and extract the API key from common key names. If JSON parsing fails or no common key is found, it falls back to treating the value as plain text.Motivation
Some users store their Datadog API keys in Secrets Manager as JSON objects (key-value pairs) rather than plain text. This change makes the library more flexible and compatible with different secret storage formats, improving the developer experience.
Testing Guidelines
Added comprehensive test cases covering:
api_keykeyDD_API_KEYkeyAll tests pass and maintain backward compatibility with existing plain text secrets.
Additional Notes
DD_API_KEY,DATADOG_API_KEYTypes of Changes
Check all that apply