Consistent vault and configuration property handling

[benhid]

(This discussion originated from issue #4648.)

I noticed some inconsistencies in how sensitive application property values are resolved across different extensions.

Currently, we lack a standardized approach for managing secrets. Different extensions seem to handle vault and configuration lookups in slightly different ways, which can lead to confusion (see issue above).

@paullatzelsperger suggested implementing a more uniform strategy for managing sensitive configuration properties. The proposed approach would introduce a standard two-tier configuration resolution method:

For any sensitive property, we would support:

• A primary "alias" property that points to a vault secret
• A fallback direct configuration property with the actual value

For example:

• edc.datasource.default.url.alias would contain the vault secret key
• edc.datasource.default.url would serve as a direct configuration fallback

Might not cover all possible use cases, but it would provide a consistent scheme for most scenarios.

Thank you.

[paullatzelsperger]

The feature was approved in the committers' meeting on Wed, Dec 4th 2024, an issue will be created shortly.

[paullatzelsperger]

#4656