Summary

This fixes an issue where directory secret backends failed to resolve secrets organized in subdirectories (e.g., Kubernetes mounted secrets at paths like: /secrets/my-secrets/username).

Vector configuration

[secret.kubernetes_secret]
type = "directory"
path = "/var/run/ocp-collector/secrets"

[sinks.output_http]
type = "http"
uri = "http://localhost:8090"
method = "post"

[sinks.output_http.auth]
strategy = "basic"
user = "SECRET[kubernetes_secret.mysecrets/username]"
password = "SECRET[kubernetes_secret.mysecrets/password]"

How did you test this PR?

• Add unit tests
• Add integration test with nested directory structure

Change Type

• Bug fix
• New feature
• Dependencies
• Non-functional (chore, refactoring, docs)
• Performance

Is this a breaking change?

• Yes
• No

Does this PR include user facing changes?

• Yes. Please add a changelog fragment based on our guidelines.
• No. A maintainer will apply the no-changelog label to this PR.

References

• Closes: Secret resolution fails for directory backend with path separators with: "No secret placeholder found"  #24780

Notes

• Please read our Vector contributor resources.
• Do not hesitate to use @vectordotdev/vector to reach out to us regarding this PR.
• Some CI checks run only after we manually approve them.
  • We recommend adding a pre-push hook, please see this template.
  • Alternatively, we recommend running the following locally before pushing to the remote branch:
    • make fmt
    • make check-clippy (if there are failures it's possible some of them can be fixed with make clippy-fix)
    • make test
• After a review is requested, please avoid force pushes to help us review incrementally.
  • Feel free to push as many commits as you want. They will be squashed into one before merging.
  • For example, you can run git merge origin master and git push.
• If this PR introduces changes Vector dependencies (modifies Cargo.lock), please
  run make build-licenses to regenerate the license inventory and commit the changes (if any). More details here.