The external credential addon (used to integrate with secrets managers like HashiCorp Vault) currently requires a ".so" executable; which means the code written must be done in c/c++. Most modern-day systems that require a custom integration (where the business needs to provide a 'middle-man' script), accept more human-friendly languages like python, bash, java/JS, c#, etc. I believe the replicate product itself is written in a c-based language, so the biggest road-block is ensuring that the information returned from the executable can be properly ingested.
Instead of a large c-based frame, perhaps the addon could be more generalized to accept a specific returned value:
1) addon is invoked when 'lookup' is noted
2) addon (in the background) executes the given 'middle-man' script to retrieve a credential (necessary library paths can be included in the site_arep_login.sh file), passing the lookup value as an argument
3) middle-man script performs it's magic, and pulls the desired secret (this would be out-of-scope for Qlik)
4) addon reads returned data from script in a VERY specific format. For example, a JSON string with a single key/value pair
5) addon internally copies provided secret to proper location in memory, and cleans up after itself.
As it stands, I currently have to do this process today, as the linux CLI we use for integrating with our secrets manager does NOT support a c-script. My c-script simply calls a bash-script, reads back a very specific returned value, and updates the necessary pointers. Forcing a c-program can provide multiple roadblocks due to complexity of the language, memory management, and being a "one-off" compared to standard operating procedures across other platforms.