feat: dnssec load keys from AWS Secrets Manager (#6618)

feat: dnssec load keys from AWS Secrets Manager Signed-off-by: kcolemangt <20099734+kcolemangt@users.noreply.github.com>
2025-10-27 16:24:19 -04:00 · 2024-10-24 14:50:04 -04:00
parent 04d00b0083
commit 7078f1576f
5 changed files with 170 additions and 1 deletions
--- a/plugin/dnssec/setup.go
+++ b/plugin/dnssec/setup.go
@@ -141,6 +141,19 @@ func keyParse(c *caddy.Controller) ([]*DNSKEY, error) {
 			}
 			keys = append(keys, k)
 		}
+	} else if value == "aws_secretsmanager" {
+		ks := c.RemainingArgs()
+		if len(ks) == 0 {
+			return nil, c.ArgErr()
+		}
+
+		for _, k := range ks {
+			k, err := ParseKeyFromAWSSecretsManager(k)
+			if err != nil {
+				return nil, err
+			}
+			keys = append(keys, k)
+		}
 	}
 	return keys, nil
 }