- Issue created by @Odai Atieh
The current implementation of setKeyValue() always tries to create a new secret using createSecret(), even when the secret already exists in AWS. This results in errors and logs when trying to set a value for an existing secret, especially when using structured secrets (i.e., JSON).
Additionally, the logic for retrieving secrets and their properties is coupled and ambiguous:
- getKeyPropertyValue() does not clearly distinguish between a missing secret and a missing property.
- There's no robust handling of secrets that exist but have no value.
- When dealing with structured secrets (e.g., JSON objects), partial updates (e.g., updating a single property) are not supported or validated properly.
1- In AWS Secrets Manager, create a secret named my-api-secret with a valid value (or even empty string).
2- In Drupal, create a Key using this secret and enable "Read only" mode.
3- Try saving or updating the key in Drupal.
4- In writable mode, try updating the key's value.
Expected:
- Drupal should be able to retrieve the secret and its property accurately.
- If writable, Drupal should update the existing secret instead of trying to create it again.
Actual:
- It always attempts to create the secret, resulting in an error if it already exists.
- There is no logic to update existing secrets (putSecretValue() is never called).
- If the secret exists but is empty, it is treated as if it doesn't exist.
Active
2.1
Code
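The behaviour requested above, sketched as an added example that is not the module's code or part of the original issue: create only when the secret is absent, update otherwise, merge a single JSON property, and report a missing secret separately from a missing property. FakeSecrets is a constructed in-memory stand-in for the AWS client with simplified signatures, and setValue(), getProperty() and both exception classes are hypothetical names.

```php
<?php
// Added example: FakeSecrets is a constructed stand-in, not the AWS SDK client.
class SecretNotFound extends RuntimeException {}
class PropertyNotFound extends RuntimeException {}

final class FakeSecrets {
  private array $store = [];
  public function exists(string $n): bool { return array_key_exists($n, $this->store); }
  public function getSecretValue(string $n): string {
    if (!$this->exists($n)) { throw new SecretNotFound($n); }
    return $this->store[$n];
  }
  public function createSecret(string $n, string $v): void {
    if ($this->exists($n)) { throw new LogicException("already exists: $n"); }
    $this->store[$n] = $v;
  }
  public function putSecretValue(string $n, string $v): void {
    $this->getSecretValue($n);  // throws SecretNotFound when the secret is absent
    $this->store[$n] = $v;
  }
}

// A missing secret and a missing property raise different exceptions; a secret
// that exists with an empty value is returned as '' rather than treated as absent.
function getProperty(FakeSecrets $c, string $name, ?string $prop = null): string {
  $raw = $c->getSecretValue($name);
  if ($prop === null) { return $raw; }
  $data = $raw === '' ? [] : json_decode($raw, true);
  if (!is_array($data) || !array_key_exists($prop, $data)) {
    throw new PropertyNotFound("$name:$prop");
  }
  return (string) $data[$prop];
}

// Create only when absent, otherwise update; with $prop, merge one property.
function setValue(FakeSecrets $c, string $name, string $value, ?string $prop = null): string {
  $exists = $c->exists($name);
  if ($prop !== null) {
    $raw = $exists ? $c->getSecretValue($name) : '';
    $data = $raw === '' ? [] : json_decode($raw, true);
    if (!is_array($data)) { throw new InvalidArgumentException("$name is not structured JSON"); }
    $data[$prop] = $value;
    $value = json_encode($data, JSON_THROW_ON_ERROR);
  }
  if ($exists) { $c->putSecretValue($name, $value); } else { $c->createSecret($name, $value); }
  return $exists ? 'updated' : 'created';
}

$c = new FakeSecrets();
$c->createSecret('my-api-secret', '');  // constructed case: secret exists but is empty
echo setValue($c, 'my-api-secret', 'constructed-value', 'token'), "\n";
try { getProperty($c, 'my-api-secret', 'user'); } catch (PropertyNotFound $e) { echo "missing property\n"; }
```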