How to add a new implementation

If we want to create our implementation of a Secrets Manager, we can do it in 3 simple steps.

Create a new entry in the JSON schema definition of the Secrets Manager provider inside the enum property.

  "$id": "",
  "$schema": "",
  "title": "Secrets Manager Provider",
  "description": "OpenMetadata Secrets Manager Provider. Make sure to configure the same secrets manager providers as the ones configured on the OpenMetadata server.",
  "type": "string",
  "javaType": "",
  "enum": ["noop", "managed-aws","aws", "managed-aws-ssm", "aws-ssm", "in-memory", "awesome-sm"],
  "additionalProperties": false

You can find this file here in the repository.

Once we have updated the JSON Schema, we can start implementing our Secrets Manager, extending the abstract class located here. For example:

public abstract class AwesomeSecretsManager extends ExternalSecretsManager {

  protected AwesomeSecretsManager(String clusterPrefix) {
    super(SecretsManagerProvider.AWESOME_SM, clusterPrefix);

  void storeSecret(String secretName, String secretValue) {
    // your implementation
  void updateSecret(String secretName, String secretValue) {
    // your implementation

  String getSecret(String secretName) {
    // your implementation

After this, we can update which is a factory class. We can find this file here.

    case AWESOME_SM:
      return AwesomeSecretsManager.getInstance(config, clusterName);

The steps are similar to the Java ones. We have to extend the following ExternalSecretsManager abstract class as it is shown below:

class AwesomeSecretsManager(ExternalSecretsManager, ABC):
    def __init__(
        cluster_prefix: str,
        super().__init__(cluster_prefix, SecretsManagerProvider.awesome-sm)

    def get_string_value(self, name: str) -> str:
        # your implementation

Similar to what we did in step 2, we have to add our implementation to the factory class ExternalSecretsManager that can be found here:

    elif secrets_manager_provider == SecretsManagerProvider.awesome-sm:
        return AwesomeSecretsManager(cluster_name)

If you need support while implementing your Secret Manager client, do not hesitate to reach out to us on Slack.

Still have questions?

You can take a look at our Q&A or reach out to us in Slack

Was this page helpful?

editSuggest edits