OpenMetadata/openmetadata-docs/content/v1.7.x/deployment/secrets-manager/how-to-add-a-new-implementation/index.md

title	slug	collate
Secrets Manager	/deployment/secrets-manager/how-to-add-a-new-implementation	false

How to add a new implementation

If we want to create our implementation of a Secrets Manager, we can do it in 3 simple steps.

1. Update the JSON schema

Create a new entry in the JSON schema definition of the Secrets Manager provider inside the enum property.

{
  "$id": "https://open-metadata.org/schema/entity/services/connections/metadata/secretsManagerProvider.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Secrets Manager Provider",
  "description": "OpenMetadata Secrets Manager Provider. Make sure to configure the same secrets manager providers as the ones configured on the OpenMetadata server.",
  "type": "string",
  "javaType": "org.openmetadata.schema.services.connections.metadata.SecretsManagerProvider",
  "enum": ["noop", "managed-aws","aws", "managed-aws-ssm", "aws-ssm", "in-memory", "awesome-sm"],
  "additionalProperties": false
}

You can find this file here in the repository.

2. Update OM Server code

Once we have updated the JSON Schema, we can start implementing our Secrets Manager, extending the ExternalSecretsManager.java abstract class located here. For example:

public abstract class AwesomeSecretsManager extends ExternalSecretsManager {

  protected AwesomeSecretsManager(String clusterPrefix) {
    super(SecretsManagerProvider.AWESOME_SM, clusterPrefix);
  }

  void storeSecret(String secretName, String secretValue) {
    // your implementation
  }
  void updateSecret(String secretName, String secretValue) {
    // your implementation
  }

  String getSecret(String secretName) {
    // your implementation
  }
}

After this, we can update SecretsManagerFactory.java which is a factory class. We can find this file here.

...
    case AWESOME_SM:
      return AwesomeSecretsManager.getInstance(config, clusterName);
...

3. Update Python SDK code

The steps are similar to the Java ones. We have to extend the following ExternalSecretsManager abstract class as it is shown below:

class AwesomeSecretsManager(ExternalSecretsManager, ABC):
    def __init__(
        self,
        cluster_prefix: str,
    ):
        super().__init__(cluster_prefix, SecretsManagerProvider.awesome-sm)

    @abstractmethod
    def get_string_value(self, name: str) -> str:
        # your implementation
        pass

Similar to what we did in step 2, we have to add our implementation to the factory class ExternalSecretsManager that can be found here:

...
    elif secrets_manager_provider == SecretsManagerProvider.awesome-sm:
        return AwesomeSecretsManager(cluster_name)
...

If you need support while implementing your Secret Manager client, do not hesitate to reach out to us on Slack.