Improve SmallRye Config Secret Keys Handlers documentation in config reference

[michalvavrik]

Description

SmallRye Config Secret Keys Handler is important feature several products are going to use as part of Quarkus. Quarkus Configuration reference shows short example and points SmallRye Config Secret Keys documentation. This is highly opinionated, but as I was getting familiar, these are information I was missing in Quarkus docs (or in SmallRye Config docs and linked with note from Quarkus docs):

• the link Quarkus Config reference points to refers to OOTB handler provided by Jasypt. The SmallRye Config Jasypt is not managed by Quarkus BOM as currently it is not supported in native, but that fact is not documented or mentioned anywhere I could find. Users are not expected to have insider knowledge why is some dependency not managed, there should be documentation note about native support.
• Secret Keys Handler also supports decryption of keystore values (via SmallRye Config Source Keystore), which is useful, however the link Quarkus config reference points to doesn't contain that information. You need to know that you have to go to config sources -> keystore -> lookup property with handler. In case I know to look for this, I probably already know it is supported. This should be linked so that user who reads about the handlers know about their keystore feature.
• both Quarkus and SmallRye docs shows example with aes-gcm-nopadding, however examples doesn't contain note that there is smallrye.config.secret-handler.aes-gcm-nopadding.encryption-key that needs to be set in order for them to work. I realize build fails if it is not and SmallRye contains docs with description of this property, but I would like to make it easier for users. Just set in in the example too.
• aes-gcm-nopadding handler only accepts AES 128 (not 256) which should be documented
• aes-gcm-nopadding secret and encryption key (without padding) must be base 64 encoded, which should be documented

Implementation ideas

No response

[quarkus-bot]

/cc @Ladicek (smallrye), @jmartisk (smallrye), @phillip-kruger (smallrye), @radcortez (smallrye)

[rsvoboda]

@radcortez any plans on this before .Final?

[radcortez]

I'll have a look.

[chengkuangan]

@michalvavrik Would you mind to show an example of a workable sample of how to use this? I tried with the following but it does not seem to decrypt the secret.

application.properties:

my.secret=${aes-gcm-nopadding::DBpUe5hDzj9H81XQpNaxrByHYGK89dLTic6TLfHODL5TK-u42w}
smallrye.config.secret-handler.aes-gcm-nopadding.encryption-key=d2k5aG9hbTFpVjVp

The above values are generated using the following script:

jbang https://raw.githubusercontent.com/smallrye/smallrye-config/main/documentation/src/main/docs/config/secret-handlers/encryptor.java \
-s=mysecret -k=wi9hoam1iV5i

In the application, the retrieved value is not decoded but shows the following when I printed:

@ConfigProperty(name = "my.secret")
    String secret;

Output:

my.secret : :DBpUe5hDzj9H81XQpNaxrByHYGK89dLTic6TLfHODL5TK-u42w

I am using Quarkus platform 2.5.3.Final

What do I miss?

[radcortez]

@chengkuangan can you reconfirm the Quarkus version? Because Secret Key Handlers were only added in Quarkus 3.0.0: #31824

https://github.com/smallrye/smallrye-config/releases/tag/3.2.0

[chengkuangan]

@chengkuangan can you reconfirm the Quarkus version? Because Secret Key Handlers were only added in Quarkus 3.0.0: #31824

https://github.com/smallrye/smallrye-config/releases/tag/3.2.0

@radcortez You are right. Updated to latest Quarkus version and it works. tqvm