Skip to content

feat: Changes to support external cred in CLI#1374

Open
tesmarishy wants to merge 1 commit into
Netcracker:mainfrom
tesmarishy:feature/external-cred-support-cli
Open

feat: Changes to support external cred in CLI#1374
tesmarishy wants to merge 1 commit into
Netcracker:mainfrom
tesmarishy:feature/external-cred-support-cli

Conversation

@tesmarishy
Copy link
Copy Markdown
Contributor

@tesmarishy tesmarishy commented May 19, 2026

Pull Request

Summary

Provide a concise description of what this pull request does and why it is needed.

Changes in EnvGene to support management of Credentials that reside in external secret stores.

Issue

Link to the issue(s) this PR addresses (e.g., Fixes #123 or Closes #456). If no issue exists, explain why this change is necessary.

No Github issue.
EnvGene cannot be used in projects where policy prohibits storing secrets in Git, even in encrypted form.
It is necessary to extend EnvGene to support management of Credentials that reside in external secret stores.

Breaking Change?

  • Yes
  • No

No
If yes, describe the breaking change and its impact (e.g., API changes, behavior changes, or required updates for users).

Scope / Project

Specify the component, module, or project area affected by this change (e.g., docs, actions, workflows).

Effective set job.

Implementation Notes

Provide details on how the change was implemented, including any technical considerations, trade-offs, or notable design decisions. Leave blank if not applicable.

  1. Add mapping support from the new external credential type in credentials.yml to the Credential DTO.
  2. Add mapping support for secret stores to the corresponding DTO.
  3. Read SECRET_FLOW and eso_support from parameters and use them to determine the reference format:
    o ESO references
    o Vals references
  4. Detect parameters using the credRef structure and generate the corresponding ESO or Vals reference.
  5. Populate these generated references into external-credentials.yml under the deployment context.
  6. Populate external-credentials.yml under the external-credential context with:
    o Credentials where create: true
    o Their associated secret stores

Tests / Evidence

Describe how the changes were verified, including:
Testing done in instance pipeline.

  • Tests added or updated (e.g., unit, integration, end-to-end)
  • Manual testing steps or results
  • Screenshots, logs, or other evidence (if applicable)

Additional Notes

Include any extra information, such as:

  • Dependencies introduced
  • Future work or follow-up tasks
  • Reviewer instructions or context
  • References to related PRs or discussions

Leave blank if not applicable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chethana-shastry-p chethana-shastry-p Awaiting requested review from chethana-shastry-p chethana-shastry-p is a code owner

@GlimmerCape GlimmerCape Awaiting requested review from GlimmerCape GlimmerCape is a code owner

@miyamuraga miyamuraga Awaiting requested review from miyamuraga miyamuraga is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tesmarishy