vestibule

v0.0.3 (Latest)
Published: Feb 1, 2019 License: GPL-3.0

README

vestibule

A gosu port that loads secrets from various secrets backends (Vault and/or Sops) into the environment before exec'ing your baby.

Providers

Enable providers by setting VEST_PROVIDERS in the environment before running vest.

Available providers:

Usage

Usage: vest user-spec command [args]
   eg: vest myuser bash
       vest nobody:root bash -c 'whoami && id'
       vest 1000:1 id

  Environment Variables:

    VAULT_PROVIDERS=provider1,...
      Comma separated list of enabled providers. By default only vault is enabled.

    SOPS_FILES=/path/to/file[;/path/to/output[;mode]]:...
      If SOPS_FILES is set, will iterate over each file (colon separated), attempting to decrypt with Sops.
      The decrypted cleartext file can be optionally written out to a separate location (with optional filemode)
      or will be parsed into a map[string]string and injected into Environ

    VAULT_KEYS=/path/to/key[@version]:...
      If VAULT_KEYS is set, will iterate over each key (colon separated), attempting to get the secret from Vault.
      Secrets are pulled at the optional version or latest, then injected into Environ. If running in Kubernetes,
      the Pod's ServiceAccount token will automatically be looked up and used for Vault authentication.

    VAULT_*
      All vault client configuration environment variables are respected.
      More information at https://www.vaultproject.io/docs/commands/#environment-variables

    EJSON_FILES=/path/to/file1:...
    EJSON_KEYS=pubkey;privkey:...
      If EJSON_FILES is set, will iterate over each file (colon separated), attempting to decrypt using keys
      from EJSON_KEYS. If EJSON_FILES is not set, will look for any .ejson files in CWD. Cleartext decrypted
      json will be parsed into a map[string]string and injected into Environ.

    DOTENV_FILES=/path/to/file1:...
      if DOTENV_FILES is set, will iterate over each file, parse and inject into Environ. If DOTENV_FILES is
      not set, will look for any .env files in CWD.

vest version: 0.0.1 (go1.11.4 on linux/amd64; gc)
vest license: GPL-3 (full text at https://github.com/lumoslabs/vestibule)
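
The SOPS_FILES format from the usage text above, as an added example (not code from the vestibule project): a Go pre-flight check that parses the value and lists cleartext output paths that have no explicit mode or a mode accessible to group or other. It assumes mode is an octal permission string; SopsEntry, ParseSopsFiles and Audit are hypothetical names.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// SopsEntry is one colon-separated element of SOPS_FILES.
type SopsEntry struct {
	Source, Output string // Output == "" means inject into Environ
	Mode           int64  // permission bits, -1 when the field is omitted
}

// ParseSopsFiles parses file[;output[;mode]]:... (assumption: mode is octal, e.g. 0600).
func ParseSopsFiles(spec string) ([]SopsEntry, error) {
	var entries []SopsEntry
	for _, item := range strings.Split(spec, ":") {
		f := strings.Split(item, ";")
		if len(f) > 3 || f[0] == "" {
			return nil, fmt.Errorf("malformed entry %q", item)
		}
		f = append(f, "", "") // pad so omitted optional fields read as ""
		e := SopsEntry{Source: f[0], Output: f[1], Mode: -1}
		if f[2] != "" {
			m, err := strconv.ParseUint(f[2], 8, 32)
			if err != nil || m > 0777 {
				return nil, fmt.Errorf("bad mode %q in %q", f[2], item)
			}
			e.Mode = int64(m)
		}
		entries = append(entries, e)
	}
	return entries, nil
}

// Audit lists cleartext outputs with no explicit mode or any group/other bit set.
func Audit(entries []SopsEntry) (risky []string) {
	for _, e := range entries {
		if e.Output != "" && (e.Mode < 0 || e.Mode&0077 != 0) {
			risky = append(risky, e.Output)
		}
	}
	return risky
}

func main() { // constructed sample value, not taken from the project
	e, err := ParseSopsFiles("/a.enc:/b.enc;/run/b;0644:/c.enc;/run/c;0600:/d.enc;/run/d")
	fmt.Println(Audit(e), err)
}
```

Entries without an output path are not flagged because the usage text says they are injected into Environ rather than written to disk.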
