VaultConfigProvider v0.1.2 VaultConfigProvider

VaultConfigProvider is a Distillery Config provider.

This provider expects a path to a config file to load during boot as an argument:

set config_providers: [
  {Mix.Releases.Config.Providers.Elixir, ["${RELEASE_ROOT_DIR}/config.exs"]},
  {VaultConfigProvider, []}
]

The above configuration goes in a release or environment definition in rel/congfig.exs, and will result in the given path being expanded during boot, and evaluated using Mix.Config.

Any value set as "secret:secret/foo/bar key=baz" or [path: "secret/foo/bar", key: "baz"] will be resolved from Vault.

This provider is based on Mix.Releases.Config.Providers.Elixir in Distillery 2.0.9

This provider expects the passed config file to contain configuration for Vaultex.Client.auth/3 describing authentication parameters:

# using kubernetes auth strategy
config :vaultex,
  auth: {:kubernetes, %{jwt: File.read!("/tmp/token"), role: "my_role"}}

# or using a token strategy
config :vaultex,
  auth: {:token, {"root"}}

config :vaultex,
  auth: {:github, {"github_token"}}

config :vaultex,
  auth: {:app_id, {"app_id", "user_id"}}

Link to this section Summary

Functions

app_env()

init(_)

Called when the provider is initialized

resolve_secrets(runtime_config)

Link to this section Functions

app_env()

init(_)

Called when the provider is initialized.

Providers are invoked pre-boot, in a dedicated VM, with all application code loaded, and kernel, stdlib, compiler, and elixir applications started. Providers must use this callback to push configuration into the application environment, which will be persisted to a final sys.config for the release itself.

The arguments given to init/1 are the same as given in the config_providers setting in your release configuration file.

Callback implementation for Mix.Releases.Config.Provider.init/1.

resolve_secrets(runtime_config)