-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
kendavis2
committed
Oct 3, 2019
1 parent
6f252ff
commit 518b7b8
Showing
1 changed file
with
77 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,13 @@ | ||
# README | ||
|
||
The cStore CLI provides a command to push config files `$ cstore push service/dev/.env` to remote [storage](docs/STORES.md). The pushed files are replaced by a, `cstore.yml` file, that remembers the storage location, file encryption, and other details making restoration locally or by a resource as simple as `$ cstore pull -t dev`. | ||
Simple, secure, and flexible configuration management. | ||
|
||
The cStore CLI provides a command to push config files `$ cstore push service/dev/.env` to remote [storage](docs/STORES.md). The pushed files are replaced by a, `cstore.yml` file, that remembers the storage location, file encryption, and other details making restoration locally or by a service as simple as `$ cstore pull -t dev`. | ||
|
||
`*.env` and `*.json` are special file types whose secrets can be [tokenized](docs/SECRETS.md), encrypted, stored separately from the configuration, and injected at runtime. | ||
|
||
<details> | ||
<summary>Repository Example</summary> | ||
<summary>How it Works</summary> | ||
|
||
``` | ||
├── project | ||
|
@@ -70,7 +72,7 @@ files: | |
</details> | ||
|
||
<details> | ||
<summary>Install/Upgrade</summary> | ||
<summary>Install / Upgrade</summary> | ||
|
||
| OS | | | ||
|----|----| | ||
|
@@ -93,18 +95,23 @@ $ export AWS_PROFILE=user-profile | |
|
||
Ensure a [storage](docs/STORES.md) solution is available and supports the configuration file type. | ||
|
||
<details> | ||
<summary>Example .env</summary> | ||
During a push, [tokenized](docs/SECRETS.md) secrets are removed and stored in AWS Secrets Manager. | ||
|
||
<details open> | ||
<summary>Store Env Configs</summary> | ||
|
||
```bash | ||
$ cat service/dev/.env # example | ||
``` | ||
``` | ||
HEALTHCHECK=/ping | ||
MONGO_URL=mongodb://{{dev/user::appuser-dev}}:{{dev/password::3lkjr4kfdro4df}}@example-server.mongodb.net:30000/example-dev | ||
API_KEY={{dev/token::82f6f303-9e00-4a8c-be26-b9d06781d844}} | ||
API_URL=https://dev.api.example-service.com | ||
[email protected] | ||
``` | ||
</details> | ||
|
||
Save in one of the following storage solutions. | ||
```bash | ||
$ cstore push service/dev/.env -s aws-parameter | ||
``` | ||
|
@@ -114,10 +121,14 @@ $ cstore push service/dev/.env -s aws-s3 | |
```bash | ||
$ cstore push service/dev/.env -s source-control | ||
``` | ||
</details> | ||
|
||
<details> | ||
<summary>Example config.json</summary> | ||
<summary>Store Json Configs</summary> | ||
|
||
```bash | ||
$ cat service/dev/config.json # example | ||
``` | ||
```json | ||
{ | ||
"db_url" : "mongodb://{{dev/user::app_user}}:{{dev/password::4kdnow55jdjnk3nd}}@example-server.mongodb.net:30000/example-dev", | ||
|
@@ -126,48 +137,92 @@ $ cstore push service/dev/.env -s source-control | |
"contact": "[email protected]" | ||
} | ||
``` | ||
</details> | ||
|
||
```bash | ||
$ cstore push service/dev/config.json -s aws-s3 | ||
``` | ||
|
||
Multiple files can be discovered and pushed in one command. Replace `service` with the environments folder or `.` to search all project sub folders. | ||
</details> | ||
|
||
<details> | ||
<summary>Store Multiple Configs</summary> | ||
|
||
```bash | ||
$ cstore push service/dev/.env service/qa/.env | ||
``` | ||
|
||
Auto discover and push multiple files in `service` folder. | ||
```bash | ||
$ cstore push $(find service -name '*.env') | ||
``` | ||
</details> | ||
<details> | ||
<summary>Save Config Changes</summary> | ||
|
||
During a push, [tokenized](docs/SECRETS.md) secrets are removed and stored in AWS Secrets Manager. | ||
```bash | ||
$ cstore push # all configs | ||
``` | ||
```bash | ||
$ cstore push service/dev/.env service/qa/.env | ||
``` | ||
```bash | ||
$ cstore push -t "dev&qa" # config must have both tags | ||
``` | ||
```bash | ||
$ cstore push -t "dev|qa" # config must have either tag | ||
``` | ||
|
||
</details> | ||
|
||
## Restore App Configuration ## | ||
|
||
Restore Config Files (any type) | ||
During a pull, `-i` will retrieve and inject [tokenized](docs/SECRETS.md) secrets from AWS Secrets Manager. | ||
|
||
<details open="true"> | ||
<summary>Restore Config Files Locally</summary> | ||
|
||
```bash | ||
$ cstore pull service/dev/.env | ||
$ cstore pull # all configs | ||
``` | ||
```bash | ||
$ cstore pull -t dev | ||
$ cstore pull service/dev/.env service/qa/.env | ||
``` | ||
```bash | ||
$ cstore pull -t "dev&qa" # config must have both tags | ||
``` | ||
```bash | ||
$ cstore pull -t "dev|qa" # config must have either tag | ||
``` | ||
</details> | ||
|
||
<details> | ||
<summary>Format/Send Configs to Stdout</summary> | ||
|
||
Export Environment Variables (`.env`) | ||
```bash | ||
$ eval $( cstore pull service/dev/.env -g terminal-export ) | ||
$ cstore pull -t dev -e # raw file contents | ||
``` | ||
```bash | ||
$ eval $( cstore pull service/dev/.env -g terminal-export ) # export environment variables | ||
``` | ||
|
||
Output Task Definition JSON Formats (`.env`) | ||
Output Task Definition JSON [Env](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_environment)/[Secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) Formats (`.env`) | ||
```bash | ||
$ cstore pull -t dev -g task-def-env | ||
$ cstore pull -t dev -g task-def-env # AWS Task Definition environment | ||
``` | ||
```bash | ||
$ cstore pull -t dev -g task-def-secrets --store-command refs # When using AWS Parameter Store, this command generates the json needed for the task definition allowing secrets to be injected into the container at run time. | ||
$ cstore pull -t dev -g task-def-secrets --store-command refs # AWS Task Definition secrets | ||
``` | ||
|
||
#### How To #### | ||
</details> | ||
|
||
<details> | ||
<summary>Loading Configs in a Service</summary> | ||
|
||
* [Inside Docker Container](docs/DOCKER.md) | ||
* [Inside Lambda Function](docs/LAMBDA.md) | ||
* [Using Application Memory](docs/LIBRARY.md) | ||
* [Docker Container](docs/DOCKER.md) | ||
* [Lambda Function](docs/LAMBDA.md) | ||
* [Application Memory](docs/LIBRARY.md) | ||
|
||
</details> | ||
|
||
## More ## | ||
|
||
|