feat(secrets): add AWS Secrets Manager provider

[markphelps]

Summary

• Adds AWS Secrets Manager as a secret provider for Flipt, following the same patterns as the existing GCP Secret Manager provider
• Uses AWS SDK v2 (github.com/aws/aws-sdk-go-v2) to call GetSecretValue and ListSecrets
• Supports configurable region and custom endpoint URL (for LocalStack in testing)
• Includes LocalStack-based integration test for signing workflow

Changes

• internal/config/secrets.go: Added AWSProviderConfig struct with Enabled, Region, EndpointURL fields, validation, and defaults
• internal/coss/secrets/aws/provider.go: AWS Secrets Manager provider implementation with GetSecret and ListSecrets
• internal/secrets/manager.go: Wired AWS provider initialization into the manager
• cmd/flipt/main.go: Added blank import to register the AWS provider
• config/flipt.schema.cue and config/flipt.schema.json: Added AWS provider to configuration schemas
• build/testing/integration.go: Added signing/aws integration test case using LocalStack
• Tests: Full test coverage for config validation, config loading, manager wiring, secret reference resolution, and unit tests

Configuration

secrets:
  providers:
    aws:
      enabled: true
      region: "us-east-1"
      endpoint_url: "http://localhost:4566"  # optional, for LocalStack

Secret references use the format: ${secret:aws:my-secret-name}

[codecov]

Codecov Report

❌ Patch coverage is 58.33333% with 30 lines in your changes missing coverage. Please review.
✅ Project coverage is 60.38%. Comparing base (687a358) to head (076447e).
⚠️ Report is 9 commits behind head on v2.

Files with missing lines	Patch %	Lines
internal/coss/secrets/aws/provider.go	57.62%	22 Missing and 3 partials ⚠️
internal/secrets/manager.go	60.00%	2 Missing and 2 partials ⚠️
internal/config/secrets.go	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##               v2    #5411      +/-   ##
==========================================
- Coverage   60.39%   60.38%   -0.02%     
==========================================
  Files         139      140       +1     
  Lines       13820    13892      +72     
==========================================
+ Hits         8347     8389      +42     
- Misses       4763     4788      +25     
- Partials      710      715       +5     

Flag	Coverage Δ
integrationtests	34.18% <50.00%> (+0.07%)	⬆️
unittests	51.77% <16.66%> (-0.19%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[dosubot]

Related Documentation

Checked 4 published document(s) in 1 knowledge base(s). No updates required.

^{How did I do? Any feedback?}