# Secret Providers

## 2.3.0

* Security: Write Maven descriptors on packaging to avoid incorrect dependencies being identified by security scanner tools. (Fixes CVE-2023-1370).
* Security: Add dependency checking as part of the build process.

### AES256 Provider:

* Security: Change AES256 key to PASSWORD type to avoid logging secrets.

### AWS Secrets Manager Provider:

* New property: `file.write`\
  Writes secrets to file on path. Required for Java trust stores, key stores, and certs that need to be loaded from file. For ease of use for the secret provider, this is disabled by default.
* New property: `secret.default.ttl`\
  If no TTL is configured in AWS Secrets Manager, apply a default TTL (in milliseconds).
* New property: `aws.endpoint.override`\
  Add override for non-standard or compatible AWS endpoints.
* Enhancement: Ensuring secrets are cached within their TTL (same as Vault).
* Enhancement: Upgraded dependencies to use AWS V2 Client.
* Enhancement: Added AWS STS dependency to avoid the requirement of additional libraries for default authentication (e.g. EKS).
* Security: Don’t expose secret values in exception messages on JsonParseException.
* New property: `secret.type`\
  Specify the type of secrets stored in Secrets Manager. Defaults to JSON; to enable String secret values, change to STRING.
* Bugfix: Enable accessKey and secretKey to remain blank if using DEFAULT auth mode.

### Azure Secret Provider:

* Bugfix: Recompute TTL values on each get so the timestamp of reschedule shrinks until TTL is reached.
* Bugfix: Fix so that UTF-8 encodings in Azure are correctly mapped to the UTF8 encoding in the secret provider.

### Hashicorp Vault Provider:

* Bugfix: Files will be written to the correct directory.
* New property: `app.role.path`\
  Support Vault AppRole custom mount path.
* New property: `kubernetes.auth.path`\
  Support Vault custom auth path (default value: auth/kubernetes).
* Security: `vault-java-driver` is no longer maintained; switched to the community fork io.github.jopenlibs.
* Add support for the Vault Database credential engine.

