@@ -89,7 +89,9 @@ async def _get_credentials_async(credential_guid: str) -> Dict[str, Any]:
8989 credential_guid , StateType .CREDENTIALS
9090 )
9191
92- credential_source_str = credential_config .get ("credentialSource" , "direct" )
92+ credential_source_str = credential_config .get (
93+ "credentialSource" , CredentialSource .DIRECT .value
94+ )
9395 try :
9496 credential_source = CredentialSource (credential_source_str )
9597 except ValueError :
@@ -157,20 +159,34 @@ def _fetch_single_key_secrets(
157159 logger .debug ("Single-key mode: fetching secrets per field" )
158160 collected = {}
159161 for field , value in credential_config .items ():
160- if not isinstance (value , str ):
161- continue
162- try :
163- single_secret = cls .get_secret (value )
164- if single_secret :
165- for k , v in single_secret .items ():
166- # Only filter out None and empty strings, not all falsy values.
167- # This preserves valid secret values like False, 0, 0.0 which are
168- # legitimate secret values that should not be excluded.
169- if v is None or v == "" :
170- continue
171- collected [k ] = v
172- except Exception as e :
173- logger .debug (f"Skipping '{ field } { value } { e } )
162+ if isinstance (value , str ):
163+ try :
164+ single_secret = cls .get_secret (value )
165+ if single_secret :
166+ for k , v in single_secret .items ():
167+ # Only filter out None and empty strings, not all falsy values.
168+ # This preserves valid secret values like False, 0, 0.0 which are
169+ # legitimate secret values that should not be excluded.
170+ if v is None or v == "" :
171+ continue
172+ collected [k ] = v
173+ except Exception as e :
174+ logger .debug (f"Skipping '{ field } { value } { e } )
175+ elif field == "extra" and isinstance (value , dict ):
176+ # Recursively process string values in the extra dictionary
177+ for extra_key , extra_value in value .items ():
178+ if isinstance (extra_value , str ):
179+ try :
180+ single_secret = cls .get_secret (extra_value )
181+ if single_secret :
182+ for k , v in single_secret .items ():
183+ if v is None or v == "" :
184+ continue
185+ collected [k ] = v
186+ except Exception as e :
187+ logger .debug (
188+ f"Skipping 'extra.{ extra_key } { extra_value } { e }
189+ )
174190 return collected
175191
176192 @classmethod
@@ -213,16 +229,11 @@ def resolve_credentials(
213229 # Apply the same substitution to the 'extra' dictionary if it exists
214230 if "extra" in credentials and isinstance (credentials ["extra" ], dict ):
215231 for key , value in list (credentials ["extra" ].items ()):
216- if isinstance (value , str ):
217- if value in secret_data :
218- credentials ["extra" ][key ] = secret_data [value ]
219- elif value in secret_data .get ("extra" , {}):
220- credentials ["extra" ][key ] = secret_data ["extra" ][value ]
232+ if isinstance (value , str ) and value in secret_data :
233+ credentials ["extra" ][key ] = secret_data [value ]
221234
222235 return credentials
223236
224- # Dapr secret interactions
225-
226237 @classmethod
227238 def get_deployment_secret (cls , key : str ) -> Any :
228239 """Get a specific key from deployment configuration in the deployment secret store.
@@ -368,7 +379,6 @@ def _handle_single_key_secret(cls, key: str, value: Any) -> Dict[str, Any]:
368379 return parsed
369380 except Exception :
370381 pass
371- return {key : value }
372382 return {key : value }
373383
374384 @classmethod
0 commit comments