Harp
Harp is for Harpocrates (Ancient Greek: Ἁρποκράτης) the god of silence, secrets
and confidentiality in the Hellenistic religion. - Wikipedia
New to harp, let's start with onboarding tutorial !
TL;DR - Features overview
Harp provides :
- An automation compatible secret management implementation
- CI/CD integration;
- Human readable definitions (YAML);
- Auditable and reproductible pipelines.
- A secret container specification to store and manipulate data;
- A container manipulation library exposed as
github.com/elastic/harp/pkg/bundle
;
- An extensible CLI tool.
And allows :
- bundle level operations
- Create a container from scratch / template / json (more via plugins);
- Read value stored in the K/V virtual filesystem;
- Update the K/V virtual filesystem;
- Delete keys.
- immutable container level operations
- Seal / Unseal a container for integrity and confidentiality property conservation;
- Generate a complete set of data using a YAML Descriptor (
BundleTemplate
);
- Reproductible patch applied on immutable container (copy-on-write);
- Import / Export to Vault.
License
harp
artifacts and source code is released under Apache 2.0 Software License.
Homebrew install
Download a release or build from source.
For stable version
brew tap elastic/harp
brew install elastic/harp/harp
brew install elastic/harp/harp-server
Build instructions
Download a release or build from source.
First time
Check your go version
Only last 2 minor versions of a major are supported.
Harp
is compiled with :
$ go version
go version go1.15.6 darwin/amd64
Simple go version manager - https://github.com/stefanmaric/g
Install mage
Mage is an alternative to Make where language used is Go.
You can install it using 2 different methods.
From source
# Install mage
git clone https://github.com/magefile/mage
cd mage
go run bootstrap.go
From brew formula
brew install mage
Clone repository
git clone git@github.com:elastic/harp.git
# Go to tools submodule
cd harp/tools
# Pull tools sources, compile them and install executable in tools/bin
mage
Daily
export PATH=$HARP_REPO/tools/bin:$PATH
# Build harp in bin folder
mage
Docker
For Tools
You have to build this image before executing artifact pipelines.
mage docker:tools
For CLI
# or docker image [distroless:static, rootless, noshell]
mage docker:harp
# To execute in the container
docker run --rm -ti --read-only elastic/harp:<version>
For container server
# or docker image [distroless:static, rootless, noshell]
mage docker:harpServer
# To execute in the container
docker run --rm -ti --read-only elastic/harp-server:<version>
Here is the list of external projects used as inspiration :