mattcasters opened a new pull request, #7496:
URL: https://github.com/apache/hop/pull/7496

   ## Summary
   
   Adds a **Hop Password Variable Resolver** so Hop-encoded passwords 
(`Encrypted …` / `AES2 …`) can be used in free-form expressions that do not 
call `Encr` themselves (for example VFS / SFTP URIs).
   
   - **Resolve argument as a variable name** (default on): 
`#{hop-pwd:SFTP_PASSWORD}` looks up the variable and decrypts its value
   - **Literal mode** (option off): `#{hop-pwd:Encrypted …}` decrypts the 
argument as ciphertext
   - **Fail if variable is not defined** (default off): optional checkbox that 
throws when the named variable is missing so pipelines fail closed
   
   Also adds `integration-tests/resolver` for technology-agnostic resolvers 
(Pipeline Variable Resolver + Hop Password Resolver modes and the 
fail-on-missing case).
   
   This is an interoperability helper for trusted operators, not a 
confidentiality feature. Default Hop encoding remains obfuscation; AES2 or 
secrets managers remain the path for real at-rest protection.
   
   Fixes #7182
   
   ## Test plan
   
   - [x] Unit tests: `HopPasswordVariableResolverTest` (variable name, literal, 
missing var with/without fail flag)
   - [x] Client assembly rebuilt; integration tests run successfully:
   
   ```bash
   integration-tests/scripts/run-tests-docker.sh PROJECT_NAME=resolver
   ```
   
   - [ ] Review docs for Hop Password variable resolver


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to