Skip to content
cf plugin to push cf app with vault
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
ci
out
plug
testdata
vault
.gitignore
.goreleaser.yml
LICENSE
Makefile
NOTICE.md
README.md
go.mod
go.sum
main.go

README.md

cf-push-with-vault

Go Report Card License Build Status

cf plugin to push cf app with vault

How to install

From CF-Community

$ cf install-plugin -r CF-Community "push-with-vault"

From GitHub Release

Download tar.gz file from release page.

$ tar -zxvf cf-push-with-vault_*.tar.gz
$ cf install-plugin -f ./cf-push-with-vault 

How to use

$ cf push-with-vault -h
NAME:
   push-with-vault - This enable to use (( )) place holders in manifest files. (( )) are evaluated by vault

USAGE:
   $ cf push-with-vault [APP_NAME]

OPTIONS:
   --domain, -d             Specify a custom domain (e.g. private-domain.example.com, apps.internal.com) to use instead of the default domain
   --file, -f               Path to manifest (default: ./manifest.yml)
   --hostname, -n           Hostname (e.g. my-subdomain)
   --path-prefix, -pp       Path under which to namespace credential lookup
   --vault-addr, -va        Address of the Vault server expressed as a URL and port, for example: https://127.0.0.1:8200/. (default: "VAULT_ADDR" env)
   --vault-token, -vt       Vault authentication token. (default: "VAULT_TOKEN" env)

Examples

If you want to push cf app has follow manifest with vault.

---
applications:
- name: APP-ONE
  path: ./APP-ONE-DIRECTORY
  env:
    bar: ((/foo/bar))

You must set /foo/bar to vault with value field. (inspired by Credential lookup rules)

$ vault write /foo/bar value="cred"

This plugin can only KV Secrets Engine - Version 1

$ export VAULT_ADDR=https://your.vault.address
$ export VAULT_TOKEN=xxxxxxxxxxxx
$ cf push-with-vault --path-prefix=/foo -f manifest.yml
You can’t perform that action at this time.