Skip to main content

Module secret_resolver

mz_deploy

Module secret_resolver 

Source
Expand description

Client-side secret resolution for mz-deploy.

Secret values in SQL files may reference client-side providers like env_var('MY_VAR') instead of inline string literals. This module resolves those references at execution time (not compile time), so mz-deploy compile works without access to secrets.

Unknown functions and other expressions pass through unchanged to Materialize.

§Providers

Each provider is a submodule that implements SecretProvider:

  • env_var::EnvVarProvider — reads from environment variables
  • aws_secret::AwsSecretProvider — reads from AWS Secrets Manager
  • aws_secret::UnconfiguredAwsProvider — placeholder when aws_profile is not set

Modules§

aws_secret 🔒
AWS Secrets Manager secret provider.
env_var 🔒
Environment variable secret provider.
json_field 🔒
Shared helper for extracting a top-level string field from a JSON secret.

Structs§

SecretResolver 🔒
Resolves client-side secret provider functions in SQL expressions.

Enums§

SecretResolveError
Errors that can occur during secret resolution.

Traits§

SecretProvider 🔒
A provider that can resolve secret values from an external source.

Functions§

format_arg_range 🔒
Render an accepted-args range for error messages.