bugfix: Return None for inaccessible GCP Secret Manager secrets
#712
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 3 commits
November 22, 2025 00:12
…date tests to reflect this behavior, and add a test for `list_secrets` error handling.
zaphod72
changed the title
None for inaccessible GCP Secret Manager secrets, update tests to reflect this behavior, and add a test for list_secrets error handling.None for inaccessible GCP Secret Manager secrets
hramezani
reviewed
Nov 22, 2025
| except Exception: | ||
| raise KeyError(key) | ||
| # If we can't access the secret, we return None | ||
| self._loaded_secrets[key] = None |
Member
There was a problem hiding this comment.
This is a breaking change. Not sure whether this is the correct behaviour.
Probably we can add this behaviour in V2 by a flag that is disabled by default.
@ezwiefel what do you think?
Contributor
Author
There was a problem hiding this comment.
I dug through all the code paths I could find that would get to that point and didn't see where throwing the KeyError would be useful. I certainly could be missing something.
Member
There was a problem hiding this comment.
agree KeyError is not useful. let's merge the PR and see.
hramezani
approved these changes
Nov 24, 2025
Member
|
Thanks @zaphod72 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR modifies the
GoogleSecretManagerSettingsSourceto gracefully handle access errors. Instead of raising aKeyErrorwhen a specific secret cannot be accessed (e.g., due to permission issues), it now returnsNone. This allowspydantic-settingsto continue processing and potentially fall back to default values or other configured settings sources.Changes
GoogleSecretManagerMapping.__getitem__to catch exceptions during secret retrieval and returnNoneinstead of raisingKeyError.test_secret_manager_mapping_getitem_errorto verify thatNoneis returned for inaccessible secrets.test_pydantic_base_settings_with_default_valueto ensure that fields fall back to their default values when the secret source returnsNone.test_secret_manager_mapping_list_secrets_errorto verify that errors during the listing of secrets are still propagated correctly.Motivation
#710
Previously, if the application attempted to access a secret it didn't have permission to view, the settings loading process would crash with a
KeyError. This behavior prevented the use of default values or alternative sources for those fields. By returningNone, we align with the expected behavior where a missing or inaccessible setting allows the next priority source (or default value) to take effect.