Noble. Config files secret storage.
No more secrets in GitHub/GitLab repos.
noble.Secret
Simple string wrapper type for secret storage in config files.
One type, with support for registering extensions (like a SQL driver).
Built-in supported storage type prefixes:
- raw - just the string as written (for debugging/development)
- env - read the parameter from an environment variable (see examples); read once, when the value is unmarshalled from YAML/JSON
- dynenv - read the parameter from an environment variable without caching (on every call of .Get())
YAML config example:

```yaml
db:
  name: "sample"
  # just for development - store as is; change the store type to scr or env/dynenv in prod
  user: 'raw:test:test?/test'
  # read the password stored in $DB_PASS once (the value is cached)
  pass: env:DB_PASS
# read the password stored in $DB_PASS every time
pass2: "dynenv:DB_PASS"
```

```shell
export DB_PASS=SomeStrongPassword
```
Usage example:

```go
package main

import (
	"git.ooo.ua/pub/noble"
	"gopkg.in/yaml.v2"
)

type testConfig struct {
	Db struct {
		Name string       `yaml:"name"`
		User noble.Secret `yaml:"user"`
		Pass noble.Secret `yaml:"pass"`
	} `yaml:"db"`
	Pass2 noble.Secret `yaml:"pass2"`
}

func some(user, pass, pass2 string) {
	// user == "test:test?/test"
	// pass == "SomeStrongPassword"
	// pass2 == "SomeStrongPassword" (re-read from $DB_PASS on every Get())
}

func main() {
	var configData []byte
	// read config here
	var cfg testConfig
	if e := yaml.Unmarshal(configData, &cfg); e != nil {
		panic(e)
	}
	// use config: Get() resolves each secret through its storage type
	some(cfg.Db.User.Get(), cfg.Db.Pass.Get(), cfg.Pass2.Get())
}
```
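To make the mechanism concrete, here is an added, self-contained illustration of how a prefix-registry secret type of this kind works; it is not noble's own code, and the names `Reader`, `Register`, `Parse`, `loadConfig` and the sample config are assumptions. It implements the three built-in prefixes with the caching semantics described above (env resolves once while the config is unmarshalled, dynenv on every Get()), rejects unknown prefixes, keeps colons inside the key intact, and masks the value when formatted. JSON is used instead of YAML only to stay within the standard library.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// Reader resolves the part of a secret value after its "prefix:".
// Cache selects env-style behaviour (resolve once, while the config is
// unmarshalled) versus dynenv-style behaviour (resolve on every Get()).
type Reader struct {
	Resolve func(key string) (string, error)
	Cache   bool
}

// readers is the prefix registry; extension packages add to it from their
// init(), the way database/sql drivers register themselves.
var readers = map[string]Reader{}

func Register(prefix string, r Reader) { readers[prefix] = r }

func lookupEnv(name string) (string, error) {
	if v, ok := os.LookupEnv(name); ok {
		return v, nil
	}
	return "", fmt.Errorf("environment variable %q is not set", name)
}

func init() {
	Register("raw", Reader{Resolve: func(k string) (string, error) { return k, nil }, Cache: true})
	Register("env", Reader{Resolve: lookupEnv, Cache: true})
	Register("dynenv", Reader{Resolve: lookupEnv, Cache: false})
}

// Secret is the string wrapper; its serialized form is "prefix:key".
type Secret struct {
	prefix, key, cached string
	reader              Reader
}

// Parse splits on the first colon only, so keys may themselves contain
// colons (raw:test:test?/test). Cached types resolve here, so a missing
// variable is reported while the config is loaded, not at first use.
func Parse(s string) (Secret, error) {
	prefix, key, ok := strings.Cut(s, ":")
	if !ok {
		return Secret{}, fmt.Errorf("secret %q has no storage prefix", s)
	}
	r, known := readers[prefix]
	if !known {
		return Secret{}, fmt.Errorf("unknown secret storage type %q", prefix)
	}
	sec := Secret{prefix: prefix, key: key, reader: r}
	if r.Cache {
		v, err := r.Resolve(key)
		if err != nil {
			return Secret{}, err
		}
		sec.cached = v
	}
	return sec, nil
}

// UnmarshalJSON lets Secret be used directly as a config struct field.
func (s *Secret) UnmarshalJSON(b []byte) error {
	var raw string
	if err := json.Unmarshal(b, &raw); err != nil {
		return err
	}
	parsed, err := Parse(raw)
	if err != nil {
		return err
	}
	*s = parsed
	return nil
}

// Get returns the plaintext. Cached types (and the zero value) answer from
// memory; uncached types ask the backend again, yielding "" on failure.
func (s Secret) Get() string {
	if s.reader.Resolve == nil || s.reader.Cache {
		return s.cached
	}
	v, _ := s.reader.Resolve(s.key)
	return v
}

// String masks the value so %v formatting and log lines never leak it.
func (s Secret) String() string { return s.prefix + ":***" }

type config struct {
	Db    struct{ User, Pass Secret } `json:"db"`
	Pass2 Secret                    `json:"pass2"`
}

// Constructed sample config mirroring the YAML above (JSON keeps this in the standard library).
const sampleConfig = `{"db":{"user":"raw:test:test?/test","pass":"env:DB_PASS"},"pass2":"dynenv:DB_PASS"}`

func loadConfig(data string) (config, error) {
	var cfg config
	err := json.Unmarshal([]byte(data), &cfg)
	return cfg, err
}
```

Two design points are worth noting: resolving cached types inside Parse means a deployment with a missing variable fails at config load rather than at the first database connection, and the String method keeps the plaintext out of any `%v`-formatted error or log line that happens to include the struct.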
Extension "simplecrypt"
Adds type extension:
- scr - value encrypted with the key stored in environment variable SCR_PASS (see the encrypter tool below)
YAML config example:

```yaml
secret: scr:1Y2qKTtkeg5SmboJ970qENd54oBepinL5SF4dujQkY5Ec/J7M3bWQfiWaEPsZaXl4bPAEKoC1i29
```

where scr is the extension prefix.
Build and use simplecrypt/encrypter to create a key and encrypt values. Its help output:
```text
NAME:
   encrypter - Command line tool for encrypt secrets

USAGE:
   encrypter [global options] command [command options] [arguments...]

VERSION:
   0.1.12

COMMANDS:
     key, k      generate new secret key to store in environment variable SCR_PASS
     encrypt, e  encrypt value by key
     help, h     Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version
----------------
NAME:
   encrypter encrypt - encrypt value by key

USAGE:
   encrypter encrypt [command options] [arguments...]

OPTIONS:
   --value value, -v value  value to encrypt
   --key value, -k value    key to encrypt value. [$SCR_PASS]
```
Usage:
Just import the package:

```go
package main

import _ "git.ooo.ua/pub/noble/simplecrypt"

// ....
```
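The page does not describe simplecrypt's wire format, so the following is an added illustration of the pattern the extension relies on, not the project's own code: an encrypted value is safe to commit because the key lives only in an environment variable (SCR_PASS, as the encrypter's `[$SCR_PASS]` default indicates), and an authenticated cipher makes any edit of the stored value fail loudly instead of yielding a wrong password. The AES-256-GCM layout (`scr:` + base64 of nonce || ciphertext || tag), the base64 key encoding and the function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
	"strings"
)

// prefix is the storage-type marker used in the config file.
const prefix = "scr:"

// GenerateKey returns a fresh 256-bit key, base64-encoded so that it can be
// stored in an environment variable such as SCR_PASS (what "encrypter key" does
// on the page; the encoding here is an assumption).
func GenerateKey() (string, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(key), nil
}

func newAEAD(keyB64 string) (cipher.AEAD, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil {
		return nil, fmt.Errorf("key is not valid base64: %w", err)
	}
	block, err := aes.NewCipher(key) // accepts 16-, 24- or 32-byte keys
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext with AES-GCM under a random nonce and returns the
// value to put in the config file: scr:<base64(nonce || ciphertext || tag)>.
func Encrypt(keyB64, plaintext string) (string, error) {
	aead, err := newAEAD(keyB64)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(plaintext), nil) // nonce is kept as a prefix
	return prefix + base64.StdEncoding.EncodeToString(sealed), nil
}

// Decrypt is what a config loader runs when it meets an scr: value. A modified
// stored value or the wrong key fails the GCM tag check and returns an error.
func Decrypt(keyB64, value string) (string, error) {
	if !strings.HasPrefix(value, prefix) {
		return "", errors.New("value does not carry the scr: prefix")
	}
	sealed, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(value, prefix))
	if err != nil {
		return "", fmt.Errorf("stored value is not valid base64: %w", err)
	}
	aead, err := newAEAD(keyB64)
	if err != nil {
		return "", err
	}
	n := aead.NonceSize()
	if len(sealed) < n+aead.Overhead() {
		return "", errors.New("stored value is too short to contain nonce and tag")
	}
	plain, err := aead.Open(nil, sealed[:n], sealed[n:], nil)
	if err != nil {
		return "", fmt.Errorf("decryption failed: %w", err)
	}
	return string(plain), nil
}

// DecryptFromEnv mirrors the encrypter's [$SCR_PASS] default: the key comes
// from the environment, never from the config file itself.
func DecryptFromEnv(value string) (string, error) {
	key, ok := os.LookupEnv("SCR_PASS")
	if !ok {
		return "", errors.New("SCR_PASS is not set")
	}
	return Decrypt(key, value)
}
```

Because each Encrypt call draws a fresh nonce, encrypting the same password twice yields two different config values; that is expected and is why key reuse across many values is safe here, as long as the key itself stays out of the repository.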
ETCDR2
Extension "etcdr2" for the etcd key/value API v2.
Adds type extension:
- etcd2 - read the value from the selected key stored in etcd via API v2
YAML config example:

```yaml
secret: "etcd2:messages4/test"
secret2: "etcd2:test2"
secret3: "etcd2:messages4/keybox/test"
```

Store value example:

```shell
curl http://127.0.0.1:2379/v2/keys/messages4/test -XPUT -d value="Hello world"
curl http://127.0.0.1:2379/v2/keys/test2 -XPUT -d value="Some very secret value"
curl http://127.0.0.1:2379/v2/keys/messages4/keybox/test -XPUT -d value="One more secret value"
```

Usage:
Just import the package; the extension is registered automatically:

```go
package main

import _ "git.ooo.ua/pub/noble/etcdr2"

// ....
```
Files
Extension "files"
Adds type extension:
- file - read the first line of a text file as the secret value
YAML config example:

```yaml
secret: "file:/etc/noble/secret.cfg"
```

Usage:
Just import the package:

```go
package main

import _ "git.ooo.ua/pub/noble/files"

// ....
```
Vault
Extension "vaultx"
Adds type extension:
- vault - read a key from secure storage (HashiCorp Vault)
Key format:

```
/<path>?<key>
```

For example, a value stored by the command:

```shell
vault kv put secret/data/some-secured pass="my long password"
```

can be read by:

```yaml
password: "vault:/data/some-secured?pass"
```

YAML config example:

```yaml
secret: "vault:/data?key"
```

Usage:
Import the package and configure the Vault connection before loading the config file:

```go
package main

import (
	"git.ooo.ua/pub/noble/vaultx"
	"log"
)

// ....

func loadConfig() {
	vaultx.SetServerAddress("https://vault.server.lan:2345")
	if !vaultx.SetTokenEnv("VAULT_TOKEN") {
		log.Fatal("environment var VAULT_TOKEN not set")
	}
	if err := vaultx.InitVault(nil); err != nil {
		log.Fatal(err)
	}
	// ... then load the config file
}
```

It is also possible to configure the following parameters:

vaultx.SetLogger(logEntry)
: set a logrus entry as the log source;
vaultx.SetServerAddress(address)
: set the Vault server address;
vaultx.SetSecretPath(path)
: set the Vault k/v path; secret/data is used by default;
vaultx.SetToken(token)
: set the Vault token used to log in;
vaultx.SetTokenEnv(envVarName)
: read the Vault token used to log in from the named environment variable.