articulate/docker-bootstrap
Load values from Consul and Vault as environment variables.
Download the latest release, add it to your image, and set it as your `ENTRYPOINT`.

If you are using Buildkit you can use the `TARGETARCH` arg to `ADD` the correct architecture.

```dockerfile
ARG TARGETARCH
ADD --chmod=755 https://github.com/articulate/docker-bootstrap/releases/latest/download/docker-bootstrap_linux_${TARGETARCH} /entrypoint
ENTRYPOINT [ "/entrypoint" ]
```

To load values from Consul's KV store, you will need to set `CONSUL_ADDR`. It will load keys from the following paths, using the basename as the variable name:

- `global/env_vars/*`
- `global/${SERVICE_ENV}/env_vars/*`
- `services/${SERVICE_NAME}/env_vars/*`
- `services/${SERVICE_NAME}/${SERVICE_ENV}/env_vars/*`

For example, `consul kv put services/foo/env_vars/API_SERVICE_URI https://api.priv/v1` will load an environment variable `API_SERVICE_URI=https://api.priv/v1`.

Any environment variables set before calling the script will not change. Paths later in the list will overwrite any previous values. For example, `global/env_vars/FOO` will be overwritten by `services/my-service/env_vars/FOO`.

To load values from Vault, you will need to set `VAULT_ADDR` and authenticate with Vault (see below). Values from Vault will use the `value` key as the variable value. Values are read from the following paths:

- `secret/global/env_vars/*` (in `stage` or `prod`)
- `secret/global/${SERVICE_ENV}/env_vars/*`
- `secret/services/${SERVICE_NAME}/env_vars/*` (in `stage` or `prod`)
- `secret/services/${SERVICE_NAME}/${SERVICE_ENV}/env_vars/*`

For example, `vault write secret/services/foo/env_vars/API_KEY value=secretkey` will load an environment variable `API_KEY=secretkey`. Values from Vault will overwrite Consul values, but follow the same rules otherwise.

Vault Authentication
You can authenticate with Vault in one of the following ways:
- Set `VAULT_TOKEN`
- If running on Kubernetes, use the Kubernetes auth method in Vault
- If running on AWS ECS or Lambda, use the AWS IAM auth method
  - If Vault role does not match IAM role, set with `VAULT_ROLE`

If you want to ensure some environment variables exist before running your command, you can include a JSON file called `service.json` in the working directory. The entrypoint will parse this file and check that the configured environment variables exist and are not empty.

```json
{
  "dependencies": {
    "env_vars": {
      "required": [
        "FOO",
        "BAR"
      ],
      "optional": [
        "BAZ"
      ]
    }
  }
}
```

If any optional environment variables are missing, it will log that, but continue to run.

If any required environment variables are missing, it will log that and then exit with an exit code of 4.
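
The load order and the `service.json` check described above, modelled as an added Go example (not docker-bootstrap's own code). `Resolve`, `MissingRequired`, the `kv` alias and the sample keys are hypothetical; the maps stand in for Consul and Vault reads. It shows that a variable already set in the container shadows every loaded value, Vault included.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
)

type kv = map[string]string

// Resolve models the README's precedence (a sketch, not the project's code): layers
// apply in order, basename is the variable name, and pre-set variables never change.
func Resolve(preset kv, layers ...kv) kv {
	env := kv{}
	for _, layer := range layers {
		for key, value := range layer {
			env[path.Base(key)] = value
		}
	}
	for name, value := range preset {
		env[name] = value
	}
	return env
}

// MissingRequired lists required service.json variables that are unset or empty.
func MissingRequired(serviceJSON []byte, env kv) ([]string, error) {
	var spec struct {
		Dependencies struct {
			EnvVars struct{ Required []string } `json:"env_vars"`
		}
	}
	if err := json.Unmarshal(serviceJSON, &spec); err != nil {
		return nil, err
	}
	var missing []string
	for _, name := range spec.Dependencies.EnvVars.Required {
		if env[name] == "" {
			missing = append(missing, name)
		}
	}
	return missing, nil
}

func main() { // constructed sample layers in load order: Consul global, Consul service, Vault
	env := Resolve(kv{"LOG": "debug"}, kv{"global/env_vars/FOO": "g", "global/env_vars/LOG": "info"},
		kv{"services/foo/env_vars/FOO": "consul"}, kv{"secret/services/foo/env_vars/FOO": "vault"})
	fmt.Println(env) // map[FOO:vault LOG:debug]
	fmt.Println(MissingRequired([]byte(`{"dependencies":{"env_vars":{"required":["FOO","BAR"]}}}`), env))
}
```

A non-empty result from `MissingRequired` corresponds to the case where the entrypoint logs the missing names and exits with code 4.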
You'll need to install the following:
- Go
- golangci-lint (`brew install golangci-lint`)
- pre-commit (`brew install pre-commit`)
- GoReleaser (optional)

Set up the build environment with `make init`. Run tests with `make test` and lint code with `make lint`.

When committing, you'll need to follow the Conventional Commits format. You can install a tool like git-cz or commitizen.

To create a release, create a tag that follows semver. A GitHub Action workflow will take care of creating the release.