You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Say my applications needs a secret in order to perform some operation. This can be a database connection string, an access key for a storage account, or a certificate file needed to connect to some server.
Right now, the only way to get this into a Spin application is either through an environment variable, or through a file.
Let's explore these one at a time:
environment variables: they have to either be specified directly in spin.toml, or they must be passed as a flag when running with spin up.
files: they have to be present locally when running spin up from a local directory, or they must be distributed using Bindle.
Realistically, none of these really satisfy real use cases.
Ideally, I would like to reference a secret value or file in my spin.toml, then rely on something to make that value available for me at runtime:
At runtime, the secret store configured for this component MUST contain the secrets referenced, otherwise the component instantiation will fail.
Implementations for secrets providers could include reading the secrets from a file (suitable for local development), or reading from a service like Vault (or your favorite cloud secrets store).
The text was updated successfully, but these errors were encountered:
I like the idea. Would it make sense to generalize it to "config provider" or something? The "slot that must be filled" concept seems like it would be useful beyond secrets.
Say my applications needs a secret in order to perform some operation. This can be a database connection string, an access key for a storage account, or a certificate file needed to connect to some server.
Right now, the only way to get this into a Spin application is either through an environment variable, or through a file.
Let's explore these one at a time:
spin.toml
, or they must be passed as a flag when running withspin up
.spin up
from a local directory, or they must be distributed using Bindle.Realistically, none of these really satisfy real use cases.
Ideally, I would like to reference a secret value or file in my
spin.toml
, then rely on something to make that value available for me at runtime:At runtime, the secret store configured for this component MUST contain the secrets referenced, otherwise the component instantiation will fail.
Implementations for secrets providers could include reading the secrets from a file (suitable for local development), or reading from a service like Vault (or your favorite cloud secrets store).
The text was updated successfully, but these errors were encountered: