aws/aws-secretsmanager-caching-python

[Enhancement] Manual Secret Refresh

Closed this issue · 4 comments

It would be useful to be able to manually refresh a secret. I've forked the project and have made changes so I can use it myself in a custom version. I'm curious to hear if there's a better way. If that is useful here, I can open a PR with my changes. Here is what I did:

Use Case

Say some credentials need to be validated against those in AWS Secrets Manager. Using this library, the encapsulating application will usually get cached values if available, which is good. However, if the secret that is being validated does not match what this library's cache has, it would be useful to then manually refresh. This way one would be ensuring the secret is validated against the latest when needed without having to lower the refresh interval.

With the modifications below one can run:

```python
if validation_failed:
    cache.refresh_secret('secret_name')
    validate(my_secret, 'secret_name')
```

Modifications

Add manual_refresh() to SecretCacheObject in cache/items.py:

```python
# Needs `from datetime import datetime, timedelta` in cache/items.py.
def manual_refresh(self):
    """Refresh the cached object manually.

    :rtype: None
    :return: None
    """
    # Fetch unconditionally, without checking whether a refresh is due.
    self._refresh_needed = False
    try:
        self._set_result(self._execute_refresh())
        self._exception = None
        self._exception_count = 0
    except Exception as e:
        # Keep the error and back off exponentially, capped at
        # exception_retry_delay_max (milliseconds).
        self._exception = e
        delay = self._config.exception_retry_delay_base * (
            self._config.exception_retry_growth_factor ** self._exception_count
        )
        self._exception_count += 1
        delay = min(delay, self._config.exception_retry_delay_max)
        self._next_retry_time = datetime.utcnow() + timedelta(milliseconds=delay)
```

Add refresh_secret() to SecretCache in secret_cache.py:

```python
def refresh_secret(self, secret_id):
    """Refresh the given secret.

    :type secret_id: str
    :param secret_id: The secret identifier

    :rtype: None
    :return: None
    """
    secret_object = self._get_cached_secret(secret_id)
    secret_object.manual_refresh()
```
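The validate-then-refresh flow from the use case above, as an added example that is not part of the original post or the library's code. `StubSecretCache` and `Validator` are hypothetical stand-ins (only the `refresh_secret` name comes from the issue); the example also caps how often a failed validation may force a refresh, so repeated wrong credentials cannot drive one Secrets Manager call per attempt.

```python
import hmac
import time

class StubSecretCache:
    """Constructed stand-in for a TTL cache exposing refresh_secret()."""
    def __init__(self, fetch, ttl=3600.0, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._items = {}  # secret_id -> (value, fetched_at)

    def get_secret_string(self, secret_id):
        item = self._items.get(secret_id)
        if item is None or self._clock() - item[1] >= self._ttl:
            self.refresh_secret(secret_id)
        return self._items[secret_id][0]

    def refresh_secret(self, secret_id):
        # Bypass the TTL and fetch the current value from the backend.
        self._items[secret_id] = (self._fetch(secret_id), self._clock())

class Validator:
    """Validate against the cache; on mismatch, refresh once and retry."""
    def __init__(self, cache, min_refresh_interval=5.0, clock=time.monotonic):
        self._cache = cache
        self._min_interval = min_refresh_interval  # seconds (assumed policy)
        self._clock = clock
        self._last_forced = {}  # secret_id -> time of last forced refresh

    def _matches(self, presented, secret_id):
        expected = self._cache.get_secret_string(secret_id)
        # Constant-time comparison avoids leaking the match length via timing.
        return hmac.compare_digest(presented.encode(), expected.encode())

    def validate(self, presented, secret_id):
        if self._matches(presented, secret_id):
            return True
        now = self._clock()
        last = self._last_forced.get(secret_id)
        if last is not None and now - last < self._min_interval:
            return False  # refreshed recently; cached value is fresh enough
        self._last_forced[secret_id] = now
        self._cache.refresh_secret(secret_id)
        return self._matches(presented, secret_id)
```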

Thank you for your feedback. We have noted this as a feature request.

Is there an update to this? Is this implemented now?

Is anyone working on this?

jbct commented

Closing as a duplicate of #16. While this isn't actively being worked at the moment, we do have it on our list.