feat(secretserver): use official secretserver library

[pd-gov]

I discovered that the vendor provides an official library. So I replaced the raw http implementation with that.

Additional changes:

• aligned secret handling with External Secrets Operator
• replaced provider id with tss in code and environment variables.

The changes are tested against an on-prem instance. The library also allows easier use with their cloud offering. Support is implemented but could not be tested.

[pd-gov]

Hm, I don't get the lint issue. The file is formatted using the vs code golang extension.

[Copilot]

Pull request overview

This pull request modernizes the SecretServer provider by migrating from a raw HTTP API implementation to the official Delinea TSS SDK (github.com/DelineaXPM/tss-sdk-go/v3). The provider identifier is changed from "secretserver" to "tss" to align with the SDK naming conventions and External Secrets Operator implementation.

Key Changes:

• Replaced custom HTTP client implementation with the official Delinea TSS SDK v3.0.1
• Changed provider identifier from "secretserver" to "tss" with corresponding environment variable updates (e.g., SECRETSERVER_TOKEN → TSS_TOKEN, SECRETSERVER_URL → TSS_SERVER_URL)
• Enhanced secret lookup capability to support both numeric IDs and secret names, aligning with External Secrets Operator patterns

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
vals.go	Updated provider constant from "secretserver" to "tss" and simplified provider initialization to return error directly
pkg/stringprovider/stringprovider.go	Updated case statement from "secretserver" to "tss" to match new provider identifier
pkg/providers/secretserver/secretserver.go	Complete rewrite using official SDK: replaced ~100 lines of HTTP client code with ~20 lines using the TSS SDK, added support for name-based secret lookup
go.mod	Added dependency on github.com/DelineaXPM/tss-sdk-go/v3 v3.0.1
go.sum	Added checksums for the new TSS SDK dependency
README.md	Updated documentation with new TSS_* environment variables, improved configuration examples for both on-prem and cloud deployments, and added limitations section

[Copilot]

The else branch is unnecessary after a return statement. The code can be simplified by removing the else and unindenting the error return, which improves readability and follows Go best practices.

[yxxhero]

@copilot open a new pull request to apply changes based on this feedback

[yxxhero]

and a blank line.

[yxxhero]

@pd-gov

[yxxhero]

@pd-gov why change secretserver to tss? this is a beaking change?

[pd-gov]

I tried to align the naming scheme with that used by the vendor. I though this was Okay, since the Provider was introduced just a few days ago.

[pd-gov]

@yxxhero I can change it back if you prefere

[yxxhero]

@pd-gov maybe we can add alias. like : case "tss" "secretserver"

[yxxhero]

@pd-gov Or add some notes?

[pd-gov]

@yxxhero What do you mean by adding notes? In the readme?

My assumption was, that no one was actually using the secretserver provider yet, since I added it just before Christmas. To bad there already is a release containing the longer name.

[yxxhero]

@pd-gov you are right. so we can use new name. I will add the changes in the release notes.

[pd-gov]

@yxxhero The current version contains your proposed aliases. Should I keep that in for backwards compatibility?

[yxxhero]

@pd-gov Using new name is ok.

[pd-gov]

@yxxhero Okay, I removed the alias again.