Improve Secret Definition documentation #75

Merged
merged 1 commit into from
May 5, 2021
40 changes: 36 additions & 4 deletions README.md
@@ -45,11 +45,15 @@ The following authentication methods are supported:

`<STORAGE PATH PREFIX>_<secretID-SUFFIX>=<SECRET-APEX>`

- `VAULT_SECRET_`: Singular Secret Storage Path Prefix
- `VAULT_SECRETS_`: Plural (more than 1 secret beneath the specified path) Secret Storage Path Prefix
- `VAULT_SECRET_` (`<STORAGE PATH PREFIX>`): Singular Secret Storage Path Prefix
- `VAULT_SECRETS_` (`<STORAGE PATH PREFIX>`): Plural (more than 1 secret beneath the specified path) Secret Storage Path Prefix
- `secretID-SUFFIX`: The unique secret identifier that can be used to tie a Secret Storage Path Prefix to a corresponding Destination Prefix. The uniqueness of this value provides the ability to supply multiple secret paths.
- `SECRET-APEX`: When used with **Singular** definitions, the Vault path where the secret exists in Vault that can be read. When used with **Plural** definitions, the Vault path where the secrets exist in Vault that can be listed and then read. This will fetch all secrets within the given Vault directory.
- `DAYTONA_SECRET_DESTINATION_`: (OPTIONAL) Secret Destination Prefix. This is a full file path location where the corresponding secret from the supplied storage path is written to.
- `SECRET-APEX`: When used with **Singular** definitions, the Vault path where the secret exists in Vault that can be read. When used with **Plural** definitions, the Vault path where the secrets exist in Vault that can be listed and then read. This will fetch all secrets within the given Vault directory.

**Secret Definition Options**

- `DAYTONA_SECRET_DESTINATION_`: Secret Destination Prefix. This is a full file path location where the corresponding secret from the supplied storage path is written to. Usage: `DAYTONA_SECRET_DESTINATION_<secretID-SUFFIX>=/path/to/file`
- `VAULT_VALUE_KEY_`: Can be used to indicate the retrieval of a single key from a singular secret definition. Usage: `VAULT_VAULT_KEY_<secretID-SUFFIX>=api_key`

**Singular Secrets**
- Singular Secret Declaration: `VAULT_SECRET_<secretID-SUFFIX>=<SECRET-APEX>`
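
Review bot: The usage string on the new `VAULT_VALUE_KEY_` line reads `VAULT_VAULT_KEY_<secretID-SUFFIX>=api_key`, which does not match the option being documented; a reader who copies it sets a variable that the documented prefix does not cover. It should read `VAULT_VALUE_KEY_<secretID-SUFFIX>=api_key`. Separately, the `DAYTONA_SECRET_DESTINATION_` entry lost its `(OPTIONAL)` marker when it moved under **Secret Definition Options**; if both options are optional, say so once under that heading, and state what happens when `VAULT_VALUE_KEY_` is set for a `VAULT_SECRETS_` (plural) definition, since the text only mentions singular ones.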
@@ -89,6 +93,34 @@ Result

---

**Singular Secret w/Specific Key**

Vault Data

```shell
$ vault read secret/whatever/thing

Key Value
--- -----
refresh_interval 768h
value hello
api_key potato1234
```

Secret Definition

```shell
VAULT_SECRET_THING=secret/whatever/thing
DAYTONA_SECRET_DESTINATION_THING=/tmp/top-secret
VAULT_VALUE_KEY_THING=api_key
```

Result

`potato1234` would be written to the file `/tmp/top-secret`

---

**Plural Secrets**

Vault Data
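
Review bot: The Result line of the new "Singular Secret w/Specific Key" example covers only the case where the key exists; it should also say what is written when `VAULT_VALUE_KEY_THING` names a key that is absent from `secret/whatever/thing`, and state explicitly that the `value` field (`hello`) is not written. The example also sets `DAYTONA_SECRET_DESTINATION_THING=/tmp/top-secret`; because `/tmp` is a shared directory and readers copy examples as written, consider a destination inside a directory owned by the consuming process, or document the permissions the destination file is created with.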