Skip to content

feat(generators): add hex generator#5314

Merged
Skarlso merged 8 commits intoexternal-secrets:mainfrom
unique-jakub:feat/add-hex-generator
Oct 17, 2025
Merged

feat(generators): add hex generator#5314
Skarlso merged 8 commits intoexternal-secrets:mainfrom
unique-jakub:feat/add-hex-generator

Conversation

@unique-jakub
Copy link
Copy Markdown
Contributor

@unique-jakub unique-jakub commented Sep 14, 2025

Problem Statement

Users needed a way to generate cryptographically secure hexadecimal strings for use in Kubernetes secrets. The existing generators (UUID, Password) didn't provide pure hex string output - UUID generates formatted UUIDs with dashes, and Password generates mixed character sets. There was no dedicated generator for pure hex strings that could be used for API keys, tokens, or other hexadecimal identifiers.

Proposed Changes

Added a new Hex generator to the external-secrets project that provides:

  • Configurable length - any number of hex characters
  • Case control - uppercase (A-F) or lowercase (a-f) output
  • Optional prefix support (e.g., "0x" for hex literals)

Checklist

  • I have read the contribution guidelines
  • All commits are signed with git commit --signoff
  • My changes have reasonable test coverage
  • All tests pass with make test
  • I ensured my PR is ready for review with make reviewable

@github-actions github-actions bot added kind/feature Categorizes issue or PR as related to a new feature. area/generators kind/documentation Categorizes issue or PR as related to documentation. size/l and removed kind/feature Categorizes issue or PR as related to a new feature. area/generators labels Sep 14, 2025
@unique-jakub
add hex generator
1809fe5 
Signed-off-by: unique-jakub <jakub@unique.ch>
@github-actions github-actions bot added area/generators kind/feature Categorizes issue or PR as related to a new feature. labels Sep 14, 2025
@gusfcarvalho
Copy link
Copy Markdown
Member

gusfcarvalho commented Sep 14, 2025

Can't this be a feature on password generator to select the desired alphabet?

@moolen
Copy link
Copy Markdown
Member

moolen commented Sep 14, 2025

Agree with @gusfcarvalho , i would rather put it in the password generator

@unique-jakub
Revert "add hex generator"
a33629e 
This reverts commit 1809fe5.

Signed-off-by: unique-jakub <jakub@unique.ch>
@unique-jakub
add encoding option to password generator
b0d6375 
Signed-off-by: unique-jakub <jakub@unique.ch>
gusfcarvalho
gusfcarvalho reviewed Sep 15, 2025
View reviewed changes
@unique-jakub
make reviewable
8bee144 
Signed-off-by: unique-jakub <jakub@unique.ch>
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Sep 15, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

jakobmoellerdev
jakobmoellerdev reviewed Sep 15, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jakobmoellerdev jakobmoellerdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this probably kills scope here, but: I dont think we should ad format-specific fields to password spec. I believe at some point we reach the natural domain of templating languages. many custom formats we could support via templating languages without inflating the API specification. I won't block the PR but I really think we should think about something like go templating or cue or whatever. happy to hear other opinions though

apis/generators/v1alpha1/types_password.go
// - "hex": hexadecimal encoding
// +kubebuilder:default="raw"
// +kubebuilder:validation:Enum=base64;base64url;base32;hex;raw
Encoding *string `json:"encoding,omitempty"`
Copy link
Copy Markdown
Contributor

@jakobmoellerdev jakobmoellerdev Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be an own Type EncodingPolicy.

@Skarlso
Copy link
Copy Markdown
Contributor

Skarlso commented Oct 17, 2025

@jakobmoellerdev I think you're right, but I also think that indeed it is a huge scope creep so I would create a separate issue for that. :)

Skarlso
Skarlso previously approved these changes Oct 17, 2025
View reviewed changes
Skarlso and others added 2 commits October 17, 2025 15:07
@Skarlso
Merge branch 'main' into feat/add-hex-generator
f8dbc08
@Skarlso
run make check-diff
88a1ffa 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Oct 17, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Skarlso Skarlso merged commit 3b222ff into external-secrets:main Oct 17, 2025
30 checks passed
SamuelMolling pushed a commit to SamuelMolling/external-secrets that referenced this pull request Oct 24, 2025
@unique-jakub @Skarlso @SamuelMolling
feat(generators): add hex generator (external-secrets#5314)
1983837 
* add hex generator

Signed-off-by: unique-jakub <jakub@unique.ch>

* Revert "add hex generator"

This reverts commit 1809fe5.

Signed-off-by: unique-jakub <jakub@unique.ch>

* add encoding option to password generator

Signed-off-by: unique-jakub <jakub@unique.ch>

* make reviewable

Signed-off-by: unique-jakub <jakub@unique.ch>

* run make check-diff

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: unique-jakub <jakub@unique.ch>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <skarlso777@gmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Samuel Molling <samuelmolling@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gusfcarvalho gusfcarvalho gusfcarvalho left review comments

@jakobmoellerdev jakobmoellerdev jakobmoellerdev left review comments

@Skarlso Skarlso Skarlso approved these changes

Assignees

No one assigned

Labels

area/generators kind/documentation Categorizes issue or PR as related to documentation. kind/feature Categorizes issue or PR as related to a new feature. size/l size/m

Projects

External Secrets
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@unique-jakub @gusfcarvalho @moolen @Skarlso @jakobmoellerdev