Tierceron is a encrypted configuration management system created for managing configurations and secrets used in microservices in Vault (by Hashicorp). It is written in Go, using Apache Dolthub (Tierceron Flume: provides integrated flows), G3n (integrated visualization), Kubernetes (Tierceron Shell: integrated cloud agent secure shell), and Hashicorp Vault (data and secrets encryption).
This suite of tools provides functionality for creating, reading, and updating configurations over multiple environments (presently dev, QA, RQA, and staging). If you have a Vault token with the right permissions for the right environment, you can read configurations for that environment. Presently, only the root token can be used to actually create and update changes to the stored configurations (this should probably be changed). Support has also been recently prototyped (2019 hackathon) to provide in memory configurations via a supporting shared library, dll, or dynamic library.
- Because Configuration Management is a pain. I wanted to be able to switch between development and QA and any other environment with a single call for all my microservices. With these tools, I can now do that.
- We wanted a system that worked transparently from dev -> QA -> staging -> production.
- Wanted a fun project for our interns to work on over the summer.
- Since Tierceron is written all in go, the services involved are very stable and tiny. All configurations may be managed on a small EC2/virtual machine running anywhere from locally to AWS/Azure backed by an encrypted and backed up database.
- Coding in go is a dream. If I could code an entire system in go, I would do it in a snap.
- This project follows a GitFlow model for development and release.
- Encrypted configurations store in Vault backed by encrypted mysql.
- Highly stable Vault service that can run on something as small as a t2 micro in AWS or something similar in Azure for example.
- Tools:
- trcconfig -- for reading configurations
- trcinit -- for initializing a configuration set over multiple projects.
- trcx -- for extracting seed data that can be managed locally separate from the configuration templates.
- trcpub -- for publishing template changes.
- nc.so -- for dynamically loading configurations securely in memory. - this has been used successfully for a java microservice to pull in configuration files and public certificates all referenced in memory. This means there is no configuration footprint on the filesystem. -- switching from dev to QA in this setup simply means using a different token.
If you are a contributor, please have a look on the getting started file. Here you can check the information required and other things before providing a useful contribution.
Contributions are always welcome, no matter how large or small. Before contributing, please read the code of conduct.
See Contributing.
Check the code review information to find out how a Pull Request is evaluated for this project and what other coding standards you should consider when you want to contribute.
Create indexing pathing in vault for easy indexing of vault data by desired variable.