README
¶
Config Manager
Package used for retrieving application settings from various sources.
Currently supported variable and secrets implementations - AWS SecretsManager and AWS ParameterStore.
The Intended use is within containers to generate required application config that can later be sourced and then read by application at start up time so that e.g. K8s secrets don't need to be used for true "secrets" or jsut to avoid overly large configmaps
Must reference an existing token in a path like format.
GenVars will then write them to a file in this format:
export VAR=VALUE
export VAR2=VALUE2
...
Installation
Major platform binaries here
*nix binary
curl -L https://github.com/dnitsch/configmanager/releases/latest/download/configmanager-linux -o configmanager
MacOS binary
curl -L https://github.com/dnitsch/configmanager/releases/latest/download/configmanager-darwin -o configmanager
chmod +x configmanager
sudo mv configmanager /usr/local/bin
Download specific version:
curl -L https://github.com/dnitsch/configmanager/releases/download/v0.5.0/configmanager-`uname -s` -o configmanager
Usage
configmanager --tokens AWSSECRETS#/appxyz/service1-password --tokens AWSPARAMSTR#/appxyz/service1-password
source app.env
rm -f app.env
./startapp
By default the output path is app.env relative to the exec binary.
This can be overridden by passing in the --path param.
configmanager --token AWSSECRETS#/appxyz/service1-password --token AWSPARAMSTR#/appxyz/service12-settings --path /some/path/app.env
source /some/path/app.env
./startapp # psuedo script to start an application
Alternatively you can set the path as stdout which will reduce the need to save and source the env from file.
!Warning! about eval - if you are retrieving secrets from sources you don't control the input of - best to stick wtih the file approach and then delete the file.
eval "$(configmanager r -t AWSSECRETS#/appxyz/service1-password -t AWSPARAMSTR#/appxyz/service12-settings -p stdout)" && ./.ignore-out.sh
The token is made up of 3 parts:
-
AWSSECRETSthe strategy identifier to choose at runtime -
#separator - used for -
/path/to/parameterthe actual path to the secret or parameter in the target system e.g. AWS SecretsManager or ParameterStore (it does assume a path like pattern might throw a runtime error if not found)
If contents of the AWSSECRETS#/appxyz/service1-password are a string then service1-password will be the key and converted to UPPERCASE e.g. SERVICE1_PASSWORD=som3V4lue
Special AZKVSECRETS
For Azure KeyVault the first part of the token needs to be the name of the vault.
Azure Go SDK (v2) requires the vault Uri on initializing the client
AZKVSECRET#/test-vault//token/1 ==> will use KeyVault implementation to retrieve the /token/1 from a test-vault.
AZKVSECRET#/test-vault/no-slash-token-1 ==> will use KeyVault implementation to retrieve the no-slash-token-1 from a test-vault.
Go API
latest api here
Sample Use case
One of the sample use cases includes implementation in a K8s controller.
E.g. your Custom CRD stores some values in plain text that should really be secrets/nonpublic config parameters - something like this can be invoked from inside the controller code using the generator pkg API.
See examples for more examples and tests for sample input/usage
import (
"context"
"fmt"
"github.com/dnitsch/configmanager/pkg/generator"
"github.com/dnitsch/configmanager"
)
func main() {
cm := &configmanager.ConfigManager{}
cnf := generator.NewConfig()
// JSON Marshal K8s CRD into
exampleK8sCrdMarshalled := `apiVersion: crd.foo.custom/v1alpha1
kind: CustomFooCrd
metadata:
name: foo
namespace: bar
spec:
name: baz
secret_val: AWSSECRETS#/customfoo/secret-val
owner: test_10016@example.com
`
pm, err := cm.RetrieveWithInputReplaced(exampleK8sCrdMarshalled, *cnf)
if err != nil {
panic(err)
}
fmt.Println(pm)
}
Above example would ensure that you can safely store config/secret values on a CRD in plain text.
Beware logging out the CRD after tokens have been replaced.
Help
-
More implementations should be easily added with a specific implementation under the strategy interface
- e.g. AzureKMS or GCP equivalent
-
maybe run as cron in the background to perform a periodic sync in case values change?
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ConfigManager ¶
type ConfigManager struct{}
func (*ConfigManager) Insert ¶
func (c *ConfigManager) Insert() error
func (*ConfigManager) Retrieve ¶
func (c *ConfigManager) Retrieve(tokens []string, config generator.GenVarsConfig) (generator.ParsedMap, error)
Retrieve gets a rawMap from a set implementation will be empty if no matches found
func (*ConfigManager) RetrieveWithInputReplaced ¶ added in v1.0.1
func (c *ConfigManager) RetrieveWithInputReplaced(input string, config generator.GenVarsConfig) (string, error)
RetrieveWithInputReplaced parses given input against all possible token strings using regex to grab a list of found tokens in the given string
Source Files
Directories