config-sesame
A tool to look up secrets from a vault based on existing shareable configuration.
Overview
The config-sesame command line tool can be used as part of a continuous deployment pipeline to provide applications with runtime secrets. For this purpose, it scans already assembled application configuration (application.yml) for references to secrets stored in a “vault”, and writes resolved secrets to an additional file (secrets.yml). The diagram below gives you an idea how the tool fits into a typical CD pipeline – for more details, see the main documentation.
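A sketch of the lookup pattern described above, added here as an illustration and not taken from config-sesame's own code. The vault:<path>#<key> reference syntax, the function names and the in-memory vault are assumptions made for the example; the tool's real reference syntax is defined in its main documentation.

```python
import json
import os
import re

# Hypothetical reference syntax for this sketch only: "vault:<path>#<key>".
# It is an assumption, not the syntax config-sesame itself uses.
REF = re.compile(r"^vault:(?P<path>[^#]+)#(?P<key>.+)$")


def find_refs(node, prefix=()):
    """Yield (config key path, vault path, vault key) for each reference."""
    if isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for name, value in items:
            yield from find_refs(value, prefix + (name,))
    elif isinstance(node, str):
        match = REF.match(node)
        if match:
            yield prefix, match["path"], match["key"]


def resolve(config, lookup):
    """Return {dotted config key: secret}; fail closed on any missing secret."""
    secrets, missing = {}, []
    for keypath, path, key in find_refs(config):
        dotted = ".".join(str(part) for part in keypath)
        try:
            secrets[dotted] = lookup(path, key)
        except KeyError:
            missing.append(dotted)  # record the config key, never a secret
    if missing:
        raise LookupError("unresolved secret references: " + ", ".join(missing))
    return secrets


def write_secrets(secrets, filename):
    """Create the secrets file as 0600 from the start; refuse to overwrite."""
    fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        json.dump(secrets, handle, indent=2)  # JSON is also valid YAML

# Constructed sample input: a stand-in vault and an assembled configuration.
VAULT = {("secret/shop/db", "password"): "s3cr3t-constructed"}
CONFIG = {"db": {"user": "shop", "password": "vault:secret/shop/db#password"},
          "hosts": ["a.example", "b.example"]}


def vault_lookup(path, key):
    return VAULT[(path, key)]
```

The shareable configuration is only read, so it can stay in version control, while the resolved values go to a separate file that is never world-readable, even briefly.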
Installation
Config Sesame can be installed via pip install config-sesame as usual, see releases for an overview of available versions. To get a bleeding-edge version from source, use these commands:
repo="1and1/config-sesame"
pip install -r "https://raw.githubusercontent.com/$repo/master/requirements.txt"
pip install -U -e "git+https://github.com/$repo.git#egg=${repo#*/}"
See Contributing on how to create a full development environment, and Installing Config Sesame for detailed instructions in the main documentation.
To add bash completion, read the Click docs about it, or just follow these instructions:
cmdname=config-sesame
mkdir -p ~/.bash_completion.d
( export _$(tr a-z- A-Z_ <<<"$cmdname")_COMPLETE=source ; \
$cmdname >~/.bash_completion.d/$cmdname.sh )
grep /.bash_completion.d/$cmdname.sh ~/.bash_completion >/dev/null \
|| echo >>~/.bash_completion ". ~/.bash_completion.d/$cmdname.sh"
. "/etc/bash_completion"
Usage
Please see the main documentation at Read the Docs for usage instructions.
Future Plans
- Act as an Ansible vars plugin.
Contributing
Contributing to this project is easy, and reporting an issue or adding to the documentation also improves things for every user. You don’t need to be a developer to contribute. See CONTRIBUTING for more.
As a documentation author or developer, to create a working directory for this project, call these commands:
git clone "https://github.com/1and1/config-sesame.git"
cd "config-sesame"
. .env --yes --develop
invoke build --docs test check
You might also need to follow some setup procedures to make the necessary basic commands available on Linux, Mac OS X, and Windows.
Running the test suite can be done several ways, just call invoke test for a quick check, or invoke test.tox for testing with all supported Python versions (if you have them available). Use invoke check to run a code-quality scan.
To start a watchdog that auto-rebuilds documentation and reloads the opened browser tab on any change, call invoke docs -w -b (stop the watchdog using the -k option).
Acknowledgements
Documentation hosted by Read the Docs.