cf-push-with-vault
cf plugin to push cf app with vault
How to install
Download from Releases · cappyzawa/cf-push-with-vault
$ tar -zxvf cf-push-with-vault_*.tar.gz
$ cf install-plugin -f ./cf-push-with-vault
How to use
$ cf push-with-vault -h
NAME:
push-with-vault - This enable to use (( )) place holders in manifest files. (( )) are evaluated by vault
USAGE:
$ cf push-with-vault
OPTIONS:
--file Path to manifest (default: ./manifest.yml)
--path-prefix Path under which to namespace credential lookup
--vault-addr Address of the Vault server expressed as a URL and port, for example: https://127.0.0.1:8200/. (default: "VAULT_ADDR" env)
--vault-token Vault authentication token. (default: "VAULT_TOKEN" env)
Examples
If you want to push cf app has follow manifest with vault.
---
applications:
- name: APP-ONE
path: ./APP-ONE-DIRECTORY
env:
bar: ((/foo/bar))
You must set /foo/bar
to vault with value
field. (inspired by Credential lookup rules)
$ vault write /foo/bar value="cred"
This plugin can only KV Secrets Engine - Version 1
$ export VAULT_ADDR=https://your.vault.address
$ export VAULT_TOKEN=xxxxxxxxxxxx
$ cf push-with-vault --path-prefix=/foo -f manifest.yml