Parse store variables and secrets
When integrating with commercetools, MACH composer makes it possible to define store-specific variables and secrets.
You could have, for example, the following configuration:

    component:
      - my-component:
        variables:
          FROM_EMAIL: mach@example.com
        store_variables:
          uk-store:
            FROM_EMAIL: mach@example.co.uk
          nl-store:
            FROM_EMAIL: mach@example.nl
        store_secrets:
          uk-store:
            MAIL_API_KEY: 5kg6Z4HxgLMfBjYj5BOg
          nl-store:
            MAIL_API_KEY: i1hajIJ92LPNYGB2p3W1

Incoming format
The above example will result in the following variable definition:

    ct_stores = {
      uk-store = {
        key = "UK"
        variables = {
          FROM_EMAIL = "mach@example.co.uk"
        }
        secrets = {
          MAIL_API_KEY = "5kg6Z4HxgLMfBjYj5BOg"
        }
      }
      nl-store = {
        key = "NL"
        variables = {
          FROM_EMAIL = "mach@example.nl"
        }
        secrets = {
          MAIL_API_KEY = "i1hajIJ92LPNYGB2p3W1"
        }
      }
    }

Using store variables
One way of approaching the store variables is to provide them all in your runtime environment prefixed with the store key.
In your function, depending on the Store context, you can choose what environment setting to use.
In this example, we'd like to set the following environment variables on our function runtime:

    UK_FROM_EMAIL="mach@example.co.uk"
    NL_FROM_EMAIL="mach@example.nl"

This can be done with the following Terraform definition:

    locals {
      store_variables = flatten([
        for store in values(var.ct_stores) : [
          for variable_key, variable_value in store.variables : {
            "${store.key}_${variable_key}" : variable_value
          }
        ]
      ])

      env_store_variables = zipmap(
        flatten([for item in local.store_variables : keys(item)]),
        flatten([for item in local.store_variables : values(item)])
      )
    }

Using store secrets
For the store secrets you can use the same technique as for the store variables. This will be sufficient for most cases, especially when implementing for Azure.
On AWS, it might be a better option to combine secrets per store into one secret value to avoid too much latency when fetching those secrets.
AWS
Combined secrets

    # One secret per store, holding all of that store's secrets as a JSON object
    resource "aws_secretsmanager_secret" "store_secret" {
      for_each = var.ct_stores

      name = "my-component/${each.value.key}-secrets"

      tags = {
        lambda = "my-component"
      }
    }

    resource "aws_secretsmanager_secret_version" "store_secret" {
      for_each = var.ct_stores

      # Refers to the store_secret resource defined above
      secret_id     = aws_secretsmanager_secret.store_secret[each.key].id
      secret_string = jsonencode(each.value.secrets)
    }

Combining secrets
Depending on your use-case you could choose to store all secrets into one AWS secret or to have a logical split.
More considerations about this in the 'Handle secrets in components' how-to.
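
The runtime side of the two approaches above, as an added example that is not part of the MACH composer documentation: resolving a store-prefixed environment variable, and reading one value from the combined per-store secret with a single fetch per store. The allow-list `KNOWN_STORE_KEYS`, the fallback to the unprefixed variable, and the injected `fetch_secret_string` hook are assumptions of this sketch; the secret name follows the `my-component/<KEY>-secrets` pattern from the Terraform above.

```python
import json
import os
from functools import lru_cache

# Assumption: the store keys provisioned for this component (the `key` values in ct_stores).
KNOWN_STORE_KEYS = frozenset({"UK", "NL"})


def checked_store_key(store_key):
    """The store key arrives with the request, so only provisioned keys are accepted."""
    if store_key not in KNOWN_STORE_KEYS:
        raise KeyError(f"unknown store key: {store_key!r}")
    return store_key


def store_variable(store_key, name, environ=os.environ):
    """Return <KEY>_<NAME>; fall back to the component-wide <NAME> (assumed behaviour)."""
    prefixed = f"{checked_store_key(store_key)}_{name}"
    if prefixed in environ:
        return environ[prefixed]
    return environ[name]  # raises KeyError when neither is set


def make_secret_reader(fetch_secret_string, component="my-component"):
    """Reader over the combined per-store secret.

    fetch_secret_string(secret_name) -> str is a hypothetical hook; on AWS it would
    wrap a Secrets Manager GetSecretValue call.
    """

    @lru_cache(maxsize=None)
    def load(store_key):
        # One fetch per store per warm runtime; the payload is the jsonencode()'d map.
        return json.loads(fetch_secret_string(f"{component}/{store_key}-secrets"))

    def store_secret(store_key, name):
        return load(checked_store_key(store_key))[name]

    return store_secret
```

Because the parsed secret is cached for the life of the runtime, a rotated value is only picked up after the runtime is recycled.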
Separate secrets

    locals {
      store_secrets = flatten([
        for store in values(var.ct_stores) : [
          for variable_key, variable_value in store.secrets : {
            "${store.key}_${variable_key}" : variable_value
          }
        ]
      ])

      env_store_secrets = zipmap(
        flatten([for item in local.store_secrets : keys(item)]),
        flatten([for item in local.store_secrets : values(item)]),
      )

      secrets = merge(local.env_store_secrets, var.secrets)
    }

    resource "aws_secretsmanager_secret" "component_secret" {
      for_each = local.secrets

      name = "my-component/${replace(each.key, "_", "-")}-secret-${random_id.main.hex}"

      tags = {
        lambda = "my-component"
      }
    }

    resource "aws_secretsmanager_secret_version" "component_secret" {
      for_each = local.secrets

      secret_id     = aws_secretsmanager_secret.component_secret[each.key].id
      secret_string = each.value
    }

Azure

    locals {
      store_secrets = flatten([
        for store in values(var.ct_stores) : [
          for variable_key, variable_value in store.secrets : {
            "${store.key}_${variable_key}" : variable_value
          }
        ]
      ])

      env_store_secrets = zipmap(
        flatten([for item in local.store_secrets : keys(item)]),
        flatten([for item in local.store_secrets : values(item)]),
      )

      secrets = merge(local.env_store_secrets, var.secrets)
    }

    # Key Vault definitions
    # ...

    resource "azurerm_key_vault_secret" "secrets" {
      for_each = local.secrets

      name         = replace(each.key, "_", "-")
      value        = each.value
      key_vault_id = azurerm_key_vault.main.id
      tags         = var.tags
    }