[Bug report] OptionValues service doesn't renderingOptions from Key Storage #8955

Open
SergeyNosko opened this issue Feb 26, 2024 · 0 comments

Describe the bug
OptionValues service doesn't renderingOptions from Key Storage as expected according to the documentation here and here.
The example below shows that the path to the Key Storage secret is passed as an arg to the script instead of the secret value.

My Rundeck detail

  • Rundeck version: [Rundeck 5.1.0 Elbrus olivedrab camera a1d8105fe44a41 ]
  • install type: [deb,docker]
  • OS Name/version: [ubuntu 22.04]
  • DB Type/version: [mysql]

To Reproduce
Steps to reproduce the behavior:
Example:

$ tree
.
├── zabbix-hostgroup-plugin
│   ├── contents
│   │   └── get_zabbix_hostgroups.py
│   └── plugin.yaml
└── zabbix-hostgroup-plugin.zip

zabbix-hostgroup-plugin/plugin.yaml

name: Custom Rundeck option plugin
version: 1
rundeckPluginVersion: 1.2
author: Author
date: 2024-02-23
providers:
  - name: Zabbix HostGroup
    service: OptionValues
    plugin-type: script
    script-interpreter: /usr/bin/python3
    script-file: get_zabbix_hostgroups.py
    script-args: ${config.zabbix_url} ${config.zabbix_api_token}
    mergeEnvironment: false
    config:
      - name: zabbix_url
        type: Select
        title: Zabbix URL
        description: Provide a predefined list of options
        values: "zabbix-frontend:8080"
        default: "zabbix-frontend:8080"
      - name: zabbix_api_token
        type: String
        title: Zabbix API token
        description: Securely pass zabbix API token to the script
        values: "zabbix_api_token"
        default: keys/project/Zabbix_Inventory/zabbix_api_token
        renderingOptions:
          selectionAccessor: "STORAGE_PATH"
          valueConversion: "STORAGE_PATH_AUTOMATIC_READ"
          storage-path-root: "keys"

zabbix-hostgroup-plugin/contents/get_zabbix_hostgroups.py:

import os
import sys
import logging
from zabbix_utils import ZabbixAPI
logging.basicConfig(filename='/tmp/debug.log',
                    filemode='a',
                    format='%(asctime)s,%(msecs)d %(name)s %(levelname)s %(message)s',
                    datefmt='%H:%M:%S',
                    level=logging.DEBUG)

logging.info("Running Debug")
for name, value in os.environ.items():
    logging.info("{0}: {1}".format(name, value))

Debug output

rundeck@d8105fe44a41:~/$ cat /tmp/debug.log 
19:38:14,479 root INFO Running Debug
19:38:14,480 root INFO RD_PLUGIN_BASE: /home/rundeck/libext/cache/zabbix-hostgroup-plugin
19:38:14,480 root INFO RD_PLUGIN_FILE: /home/rundeck/libext/zabbix-hostgroup-plugin.zip
19:38:14,480 root INFO RD_CONFIG_ZABBIX_URL: zabbix-frontend:8080
19:38:14,480 root INFO RD_PLUGIN_SCRIPTFILE: /home/rundeck/libext/cache/zabbix-hostgroup-plugin/get_zabbix_hostgroups.py
19:38:14,480 root INFO RD_CONFIG_ZABBIX_API_TOKEN: keys/project/Zabbix_Inventory/zabbix_api_token
19:38:14,480 root INFO LC_CTYPE: C.UTF-8
19:38:14,480 root INFO zabbix_url value:
19:38:14,480 root INFO zabbix-frontend:8080
19:38:14,480 root INFO zabbix_api_token value:
19:38:14,480 root INFO keys/project/Zabbix_Inventory/zabbix_api_token

Expected behavior
According to the documentation, it is supposed to work in the following way:

 valueConversion: "STORAGE_PATH_AUTOMATIC_READ" tells Rundeck to interpret that string as a path in Key Storage and pass the value of that key to the script. This is how we can securely reference secrets without exposing them to the job users.

Additional context
It might not be implemented yet and is not in line with other types of plugins or types of Services. But the documentation doesn't separate plugins in this regard, and in any case access to Key Storage from inside a plugin is a crucial security pillar, and it would be nice to get this fixed/implemented.
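
Added example, not part of the original issue and not Rundeck's own code: a fail-closed guard a script plugin could use while the path is passed through unconverted, plus a redacting replacement for the debug loop that writes every environment variable to a log file. It assumes a real token never begins with the storage root `keys/`; the function and class names are hypothetical.

```python
import os

STORAGE_ROOT = "keys"  # storage-path-root from the plugin.yaml in the report
SECRET_VARS = {"RD_CONFIG_ZABBIX_API_TOKEN"}  # variable name seen in the debug log


class UnresolvedSecretError(RuntimeError):
    """The config value is missing or is still a Key Storage path."""


def looks_like_storage_path(value, root=STORAGE_ROOT):
    # Assumption: a Key Storage reference is a slash-separated path under
    # the root (keys/project/...), and a real token never has that shape.
    return value == root or value.startswith(root + "/")


def get_api_token(env=None):
    """Return the token, refusing to continue if only the path arrived."""
    env = os.environ if env is None else env
    value = env.get("RD_CONFIG_ZABBIX_API_TOKEN", "").strip()
    if not value:
        raise UnresolvedSecretError("zabbix_api_token is empty")
    if looks_like_storage_path(value):
        # The path is a reference, not a secret, so it may appear in the error.
        raise UnresolvedSecretError("Key Storage path was not converted: " + value)
    return value


def redacted_env(env=None):
    """Copy of the environment that is safe to log: real secrets are masked."""
    env = os.environ if env is None else env
    safe = {}
    for name, value in env.items():
        if name in SECRET_VARS and not looks_like_storage_path(value):
            safe[name] = "<redacted, %d chars>" % len(value)
        else:
            safe[name] = value
    return safe
```

Logging `redacted_env()` instead of `os.environ` keeps the diagnostic value of the debug log (the unconverted path is still visible) without writing the token to `/tmp/debug.log` once the conversion works.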
