Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
ci
 
 
out
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

cf-push-with-vault

Go Report Card License Build Status

cf plugin to push cf app with vault

How to install

From CF-Community

$ cf install-plugin -r CF-Community "push-with-vault"

From GitHub Release

Download tar.gz file from release page.

$ tar -zxvf cf-push-with-vault_*.tar.gz
$ cf install-plugin -f ./cf-push-with-vault 

How to use

$ cf push-with-vault -h
NAME:
   push-with-vault - This enable to use (( )) place holders in manifest files. (( )) are evaluated by vault

USAGE:
   $ cf push-with-vault [APP_NAME]

OPTIONS:
   --domain, -d             Specify a custom domain (e.g. private-domain.example.com, apps.internal.com) to use instead of the default domain
   --file, -f               Path to manifest (default: ./manifest.yml)
   --hostname, -n           Hostname (e.g. my-subdomain)
   --path-prefix, -pp       Path under which to namespace credential lookup
   --vault-addr, -va        Address of the Vault server expressed as a URL and port, for example: https://127.0.0.1:8200/. (default: "VAULT_ADDR" env)
   --vault-token, -vt       Vault authentication token. (default: "VAULT_TOKEN" env)

Examples

If you want to push cf app has follow manifest with vault.

---
applications:
- name: APP-ONE
  path: ./APP-ONE-DIRECTORY
  env:
    bar: ((/foo/bar))

You must set /foo/bar to vault with value field. (inspired by Credential lookup rules)

$ vault write /foo/bar value="cred"

This plugin can only KV Secrets Engine - Version 1

$ export VAULT_ADDR=https://your.vault.address
$ export VAULT_TOKEN=xxxxxxxxxxxx
$ cf push-with-vault --path-prefix=/foo -f manifest.yml

This command has same effect as below.

$ export VAULT_ADDR=https://your.vault.address
$ export VAULT_TOKEN=xxxxxxxxxxxx
$ cf push -f manifest -v foo/bar = `vault read -field=value /foo/bar` 

If your cloudfoundry server version is old, this command is unavailable.
But this plugin is available because this parses manifest file and set credentials from vault.