Template integration with https://github.com/xordataexchange/crypt provided values #210

Merged
merged 5 commits into from Oct 9, 2017

Contributor

philipsoutham commented Feb 28, 2015

Template integration with https://github.com/xordataexchange/crypt provided values

New cli option `-secret-keyring` -> path to armored secret keyring

template function | crypt enabled function
------------------|-----------------------
`get`             | `cget`
`gets`            | `cgets`
`getv`            | `cgetv`
`getvs`           | `cgetvs`

Why? Because I wanted to store SSL certs along with the nginx config values.

Also, sorry; I noticed my godeps got attached to the PR.

Closes #412 #342

Contributor

philipsoutham commented Feb 28, 2015

Lame, for whatever reason the order in

```
{{range cgetvs "/crypt-test/*"}}
val: {{.}}
{{end}}
```

is not deterministic, causing the travis test to bomb.
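
One way to get stable output from a template like the one in the comment above, shown as an added example that is not part of the original comment or of confd's code. It assumes the values are held in a Go map, whose iteration order is randomized; `store`, `sortedValues` and `Render` are hypothetical names.

```go
package main

import (
	"bytes"
	"fmt"
	"path"
	"sort"
	"text/template"
)

// store is constructed sample data; Go randomizes map iteration order.
var store = map[string]string{
	"/crypt-test/b": "bravo",
	"/crypt-test/a": "alpha",
	"/crypt-test/c": "charlie",
	"/other/x":      "ignored",
}

// sortedValues is a hypothetical stand-in for a cgetvs-style lookup: it
// selects keys matching the glob, sorts the keys, then returns their values.
func sortedValues(kv map[string]string, pattern string) []string {
	keys := make([]string, 0, len(kv))
	for k := range kv {
		if ok, _ := path.Match(pattern, k); ok { // bad pattern matches nothing
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)
	vals := make([]string, 0, len(keys))
	for _, k := range keys {
		vals = append(vals, kv[k])
	}
	return vals
}

// Render executes the template quoted in the comment above against kv.
func Render(kv map[string]string) (string, error) {
	fn := func(p string) []string { return sortedValues(kv, p) }
	t := template.Must(template.New("t").Funcs(template.FuncMap{"cgetvs": fn}).
		Parse("{{range cgetvs \"/crypt-test/*\"}}val: {{.}}\n{{end}}"))
	var buf bytes.Buffer
	err := t.Execute(&buf, nil)
	return buf.String(), err
}

func main() {
	out, _ := Render(store)
	fmt.Print(out)
}
```

Sorting by key rather than by value keeps the rendered order tied to the store layout, so a test can compare against a fixed expected file.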

Owner

kelseyhightower commented Mar 5, 2015

@philipsoutham Wow, this is pretty awesome. It's going to take some time to review this.

Contributor

bketelsen commented Mar 6, 2015

so much awesome!

config.go
Scheme string `toml:"scheme"`
Verbose bool `toml:"verbose"`
Watch bool `toml:"watch"`
KeyStore []byte
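
Review bot: `KeyStore []byte` is the only field in this hunk without a `toml` tag, and nothing on the line says where it is populated from. If it is filled only from the file passed via `-secret-keyring`, a short comment on the field saying so would help. Because these bytes are secret-key material living inside the general config struct, it is also worth confirming the struct is never logged or dumped wholesale, for example in verbose or debug output.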

bacongobbler Mar 24, 2015

Collaborator

small nit, but can we change this to PGPPrivateKey or something that's a little more verbose? In my mind, KeyStore implies a storage container for managing keys, whereas this is just a reference to a PGP private key.

philipsoutham Mar 24, 2015

Contributor

@bacongobbler sure thing, I was just using the taxonomy from https://github.com/xordataexchange/crypt.

Collaborator

bacongobbler commented Mar 24, 2015

Haven't tested this but from initial impressions this gets my 👍 for a clean implementation.

Would you kindly add documentation around how users would go about setting this up/using the functions supplied in this PR? Thanks! ❤️

Contributor

philipsoutham commented Mar 24, 2015

@bacongobbler I'll try to write something up to be included in the docs section to be included of the PR.

@@ -0,0 +1,253 @@
Encrypting your data

philipsoutham Apr 1, 2015

Contributor

@bacongobbler Take a look at this documentation and let me know if you think it is adequate.

Contributor

philipsoutham commented Apr 1, 2015

Docs added.

docs/data_encryption.md
- [Verifying Encrypted Data](#local-testing-verify)
- [Putting It All Together, Using With Confd](#local-testing-confd)
<a name="local-testing-keypair"/>

bacongobbler Apr 3, 2015

Collaborator

What's the rationale behind these internal links? GitHub automatically generates links like this on hosted markdown.

bacongobbler Apr 3, 2015

Collaborator

Ah, I see the Table of contents above. Let's remove it, as no other documentation in confd has this.

philipsoutham Apr 3, 2015

Contributor

TOC removed in current PR

Collaborator

bacongobbler commented Apr 3, 2015

I see that https://github.com/xordataexchange/crypt only has support for etcd and consul. What about our other backends like redis, env and eventually the filesystem? How is someone able to encrypt data on the other backends if crypt doesn't have support for those backends? I guess by using gpg as the docs suggest?

Contributor

bketelsen commented Apr 3, 2015

PR's accepted on Crypt if you want to add support to other backends. It's a really small interface to implement.

Contributor

philipsoutham commented Apr 3, 2015

The cli tool that is included as a convenience in crypt only supports the consul and etcd backends; the library piece that actually encrypts the data is backend agnostic. You can use the following methods included in the github.com/xordataexchange/crypt/encoding/secconf library to encode and decode your data using any backend you want (that is what we are doing).

Template integration with https://github.com/xordataexchange/crypt provided values

New cli option `-secret-keyring` -> path to armored secret keyring

template function | crypt enabled function
------------------|-----------------------
`get`             | `cget`
`gets`            | `cgets`
`getv`            | `cgetv`
`getvs`           | `cgetvs`

Why? Because I wanted to store SSL certs along with the nginx config values.

popsikle commented Jun 3, 2015

+1 on this ;)

indiv0 commented Aug 12, 2015

Any updates on this?

Owner

kelseyhightower commented Aug 24, 2015

I'm reviewing this, we will need to rebase, but I think there are some patches floating around.

jamiehannaford commented Aug 28, 2015

Can't wait for this! 🚀

davidquarles commented Sep 21, 2015

@philipsoutham This is so awesome. Do you have time to rebase?

sruon commented Nov 20, 2015

+1

say5 added some commits Nov 30, 2015

Merge branch 'master' of https://github.com/kelseyhightower/confd into crypt

Conflicts:
	Godeps/Godeps.json
	src/github.com/kelseyhightower/confd/config.go
	src/github.com/kelseyhightower/confd/config_test.go

@say5 say5 referenced this pull request Dec 2, 2015

Merged

Rebase #1

Owner

kelseyhightower commented Feb 20, 2016

@philipsoutham After a bit of clean up to the general confd repo I think we are ready to review and merge this. If you are still interested can you rebase this?

@okushchenko okushchenko modified the milestone: 0.14.0 Aug 30, 2017

@okushchenko okushchenko merged commit 45edb08 into kelseyhightower:master Oct 9, 2017

okushchenko added a commit that referenced this pull request Oct 9, 2017

@okushchenko okushchenko referenced this pull request Oct 9, 2017

Closed

add functions + test #412
