Connectors often connect to external entities such as databases, message brokers, or APIs that require a confidential authentication key.

Connectors offers this facility through secrets.


Use Secrets

Deploy connectors with a --secrets flag to pass a file with the secrets definitions:

$ cdk deploy start --config sample-config.yaml --secrets secrets.txt

In the secrets file, you should define a secret per line in the format SECRET_NAME=SECRET_VALUE:


Code to indicate that a connector config parameter can contain a secret should use the SecretString type. This allows the parameter to receive secrets which are not printable to logs.

use fluvio_connector_common::{connector, secret::SecretString};

#[connector(config, name = "myconnector")]
pub(crate) struct MyconnectorConfig {
    /// A parameter receiving a secret string
    pub a_param: SecretString,


This allows a config file to provision secrets to the connector.

# config-example.yaml
apiVersion: 0.1.0
  version: 0.3.0
  name: instancename
  type: my-connector
  topic: atopicname
  create-topic: true
    - name: SECRET_NAME
  a_param: "${{ secrets.SECRET_NAME }}_${{ secrets.SECRET_NAME_2 }}"

More extensive examples of secrets in connectors can be seen in use with the Http Source connector and its repo

In the next section we’ll publish our connector to the Hub.



  1. Generate a Connector
  2. Build and Test
  3. Start and Shutdown
  4. Troubleshooting
  5. Secrets
  6. Publish to Connector Hub
  7. Use Examples in Github