fix: update aws sm sync to properly handle key schema when using many-to-one mapping #5381

Merged
akhilmhdh merged 1 commit into main from fix-aws-sm-sync-with-key-schema
Feb 6, 2026
@scott-ray-wilson
Contributor

Context

This PR fixes AWS Secrets Manager sync, import and deletion behavior when using a key schema with the many-to-one mapping sync option.

Screenshots

N/A

Steps to verify the change

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Verify syncing, importing and removing secrets with and without a key schema when using many-to-one mapping works as expected

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).

  • Tested locally

  • Updated docs (if needed)

  • Read the contributing guide

@maidul98
Collaborator

maidul98 commented Feb 5, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

@greptile-apps
Contributor

greptile-apps bot commented Feb 5, 2026

Greptile Overview

Greptile Summary

Fixed AWS Secrets Manager sync to properly handle key schemas when using many-to-one mapping behavior. The key changes:

  • In many-to-one mode, the key schema is now correctly applied to the secret name itself (not individual keys within the JSON)
  • The unmodifiedSecretMap parameter was added to preserve original key names for the JSON value structure
  • Early return added in getSecrets to prevent incorrect schema stripping for many-to-one imports
  • Extracted getKeyWithSchema utility function for consistent schema application across sync, import, and delete operations

The fix ensures that when using many-to-one mapping with a key schema like {{environment}}_{{secretKey}}, the schema is applied to the AWS secret name (e.g., prod_my-config) while the JSON content maintains the original key names.

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The changes are focused and address a specific bug in schema handling for many-to-one AWS Secrets Manager sync. The logic is clear, consistent, and properly handles the distinction between one-to-one and many-to-one mapping behaviors. No security vulnerabilities or breaking changes introduced.
  • No files require special attention

Important Files Changed

| Filename | Overview |
|---|---|
| backend/src/services/secret-sync/aws-secrets-manager/aws-secrets-manager-sync-fns.ts | Fixed many-to-one mapping to apply key schema to secret name and use unmodified secret map for values |
| backend/src/services/secret-sync/secret-sync-fns.ts | Extracted getKeyWithSchema utility and added early return for many-to-one to skip schema stripping |
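
The mapping behavior described in the summary above, as an added TypeScript sketch that is not part of this PR or of Infisical's code. All function names, the `my-config` secret name and the sample values are assumptions made for illustration, and skipping remote names that do not match the schema on import is this sketch's own choice.

```typescript
// Added illustration with hypothetical names; not Infisical's implementation.
type SecretMap = Record<string, string>;
type Mapping = "one-to-one" | "many-to-one";
type AwsSecret = { name: string; value: string };

// Render a key schema such as "{{environment}}_{{secretKey}}" for one key.
function applyKeySchema(schema: string | undefined, env: string, key: string): string {
  if (!schema) return key;
  return schema.split("{{environment}}").join(env).split("{{secretKey}}").join(key);
}

// Reverse of applyKeySchema; null means the name does not match the schema.
function stripKeySchema(schema: string | undefined, env: string, name: string): string | null {
  if (!schema) return name;
  const [prefix = "", suffix = ""] = schema.split("{{environment}}").join(env).split("{{secretKey}}");
  const fits = name.length > prefix.length + suffix.length && name.startsWith(prefix) && name.endsWith(suffix);
  return fits ? name.slice(prefix.length, name.length - suffix.length) : null;
}

// Sync: build what is written to AWS. `secrets` holds the unmodified key names.
function buildAwsSecrets(mapping: Mapping, secrets: SecretMap, env: string, secretName: string, schema?: string): AwsSecret[] {
  if (mapping === "many-to-one") {
    // Schema goes on the single AWS secret's name; the JSON keeps original keys.
    return [{ name: applyKeySchema(schema, env, secretName), value: JSON.stringify(secrets) }];
  }
  // One-to-one: each key is its own AWS secret, so each name carries the schema.
  return Object.entries(secrets).map(([key, value]) => ({ name: applyKeySchema(schema, env, key), value }));
}

// Import: read the remote secrets back into a key/value map.
function importSecrets(mapping: Mapping, remote: AwsSecret[], env: string, schema?: string): SecretMap {
  if (mapping === "many-to-one") {
    // Early return: JSON keys never carried the schema, so nothing is stripped.
    const first = remote[0];
    return first ? (JSON.parse(first.value) as SecretMap) : {};
  }
  const out: SecretMap = {};
  for (const { name, value } of remote) {
    const key = stripKeySchema(schema, env, name);
    if (key !== null) out[key] = value; // assumption: skip names outside the schema
  }
  return out;
}

// Constructed sample data.
const SCHEMA = "{{environment}}_{{secretKey}}";
const SAMPLE: SecretMap = { DB_HOST: "db.internal", DB_USER: "app" };
console.log(buildAwsSecrets("many-to-one", SAMPLE, "prod", "my-config", SCHEMA));
console.log(buildAwsSecrets("one-to-one", SAMPLE, "prod", "", SCHEMA));
```
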

@akhilmhdh akhilmhdh merged commit 11e0498 into main Feb 6, 2026
10 of 11 checks passed