feat: Add Secrets Store integration with Container helper methods #84
Talador12 commented Sep 7, 2025
- Add SecretsStoreBinding interface and secretsStoreBindings property to ContainerOptions
- Implement Secrets Store helper methods following established KV/R2 patterns:
  - setupSecretsStoreBindingEnvironment(): Generate environment variables
  - getSecretsStoreBindingInfo(): Detailed binding information
  - validateSecretsStoreBindingEnvironment(): Validation with error reporting
  - getSecretsStoreBindingSummary(): Concise summary for logging
  - autoDetectSecretsStoreBindings(): Auto-detection from environment
- Integrate Secrets Store environment variables into container start configuration
- Follow established UX patterns for minimal user code

- Add SecretsStoreBinding interface and secretsStoreBindings property to ContainerOptions
- Implement Secrets Store helper methods following established KV/R2 patterns:
  - setupSecretsStoreBindingEnvironment(): Generate environment variables
  - getSecretsStoreBindingInfo(): Detailed binding information
  - validateSecretsStoreBindingEnvironment(): Validation with error reporting
  - getSecretsStoreBindingSummary(): Concise summary for logging
  - autoDetectSecretsStoreBindings(): Auto-detection from environment
- Integrate Secrets Store environment variables into container start configuration
- Add comprehensive test coverage with Jest configuration
- Install @types/jest dependency and create proper test mocks
- Add 17 comprehensive tests covering all Secrets Store functionality
- Follow established UX patterns for minimal user code
de8fa4d to aad674b
How does this actually provide access to the secret value from within the container?
Is the idea that users are supposed to use the REST API to query secret store? If that's the case, what's the benefit of this over the user just passing in the secret store id and secret name themselves? Why is the binding name being passed through? We can't natively access bindings from within a container.
// Look for Secrets Store binding properties in the environment | ||
for (const [key, value] of Object.entries(env)) { | ||
// Check if this property looks like a Secrets Store binding | ||
if (value && typeof value === 'object' && 'get' in value && typeof value.get === 'function') { |
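Review bot: The condition on the last line of this hunk, `'get' in value && typeof value.get === 'function'`, accepts every env entry that is an object with a get method, so nothing in it distinguishes a Secrets Store binding from any other binding that exposes get(). Because the comment above it says a match "looks like a Secrets Store binding", unrelated bindings will be reported as secrets. I would drop the auto-detection and require callers to list their bindings in secretsStoreBindings, or at minimum make detection an explicit opt-in and document the false positives.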
I don't know if you can detect a binding is a secret store from the runtime, but it's definitely not this simple.
This will return loads of other things, KV namespaces, service bindings etc.
Probably the closest thing is to check `value.constructor.name` - that'll work for KV and R2, but not secret store though.
// For auto-detection, we'll use sensible defaults based on the binding name | ||
secretsStoreBindings.push({ | ||
binding: key, | ||
storeId: `auto-detected-store-${key.toLowerCase()}`, |
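Review bot: The storeId on the last line is synthesized from the binding name (`auto-detected-store-${key.toLowerCase()}`) instead of coming from configuration, so the pushed entry carries an identifier that looks real but was never supplied by the user. Leave storeId unset for detected bindings and have validation fail when it is missing, so a made-up id cannot flow into downstream configuration or logs unnoticed.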
That's not ever going to correspond to an actual secret store id?
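
The two review points above (the `get` check matches more than secret stores, and a derived storeId is not a real id), shown as an added JavaScript example that is not part of the PR or the project's code. The `Fake*` classes and `env` are constructed stand-ins, not the runtime's real binding types; `resolveDeclared`, the `secretName` field and the placeholder store id are hypothetical.

```javascript
// Constructed stand-ins for Worker bindings. These class names are
// illustrative only and are NOT the runtime's real binding types.
class FakeKvNamespace { async get(key) { return null; } }
class FakeR2Bucket { async get(key) { return null; } }
class FakeSecret { async get() { return 'constructed-secret-value'; } }

// Constructed env: one secret, two unrelated bindings, one plain variable.
const env = {
  SESSIONS: new FakeKvNamespace(),
  ASSETS: new FakeR2Bucket(),
  API_TOKEN: new FakeSecret(),
  LOG_LEVEL: 'debug',
};

// The heuristic from the diff: any object-like value with a get() method.
function detectByDuckTyping(env) {
  return Object.entries(env)
    .filter(([, v]) => v && typeof v === 'object' && 'get' in v && typeof v.get === 'function')
    .map(([key]) => key);
}

// Hypothetical alternative: the caller declares which bindings are secrets.
// Nothing is guessed; every declaration is checked and rejected by name.
function resolveDeclared(env, declared) {
  const resolved = [];
  const errors = [];
  for (const { binding, storeId, secretName } of declared) {
    const value = env[binding];
    if (!(binding in env)) {
      errors.push(`${binding}: not present in env`);
    } else if (!value || typeof value !== 'object' || typeof value.get !== 'function') {
      errors.push(`${binding}: not an object with get()`);
    } else if (!storeId || !secretName) {
      errors.push(`${binding}: storeId and secretName must be supplied, not derived`);
    } else {
      resolved.push({ binding, storeId, secretName });
    }
  }
  return { resolved, errors };
}
```

With the constructed `env`, the duck-typing check reports the KV and R2 stand-ins alongside the secret, while the declared form accepts only entries the caller fully specified.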