Scalecube VaultEnvironment is an utility for reading static secrets from Vault server and running with them a command or a script.
- Get a binary
scalecube-vaultenv-VERSION-shaded.jar
- Install Java (11+)
- Export configuration environment variables (see below)
- Execute in terminal:
java -jar scalecube-vaultenv-x.y.z-shaded.jar "[CMD]" [RUNNING_MODE]
.
CMD
-- command to run, can be for example npm start
or python ./start_app.py
,
and must come with double quotes.
RUNNING_MODE
-- there're two running modes: --input
(vaultenv shall pass secrets to stdin
of the CMD
process) and --env
(vaultenv shall pass secrets as environment variables of the CMD
process). **NOTE: the latter approach is not recommended on prod environments (finding env variables in kubernetes, show env variables on linux).
Given in program arguments CMD will be executed in separate process with following semantic:
- Output(both stdout and stderr) of the forked child process will be redirected to the console and maintained by parent scalecube-vaultenv java process.
- If scalecube-vaultenv java exits then forked child process exits as well (by SIGINT or SIGTERM).**NOTE: on windows you have to have
taskkill
installed for proper child process destroy. - An opposite is also true, if forked child process exits then scalecube-vaultenv java exits as well.
- Forked CMD process inherits working directory and environment variables of the parent scalecube-vaultenv java runner.
Environment variables to run a jar:
VAULT_ADDR
-- vault server address (required)VAULT_SECRETS_PATH
-- vault secrets path (required)VAULT_ENGINE_VERSION
-- vault KV engine version, by default1
(being set globally)VAULT_TOKEN
-- vault token for token-auth backend (optional, ifVAULT_ROLE
is set)VAULT_ROLE
-- vault role for lubernetes-auth backend (optional, ifVAULT_TOKEN
is set)
To run scalecube-vaultenv in container you have to have image with java (11+), this is the only requirement. For example, this is how to integrate it to a nodejs:
FROM timbru31/java-node:11-jre
...
RUN wget -O ./scalecube-vaultenv.jar https://oss.sonatype.org/service/local/repositories/releases/content/io/scalecube/scalecube-vaultenv/0.1.1/scalecube-vaultenv-0.1.1-shaded.jar
...
CMD ["java","-jar", "./scalecube-vaultenv.jar", "npm run-script robokit-start", "--input"]
Binaries and dependency information for Maven can be found at http://search.maven.org.
Maven dependency:
<dependency>
<groupId>io.scalecube</groupId>
<artifactId>scalecube-vaultenv</artifactId>
<version>x.y.z</version>
</dependency>
For bugs, questions and discussions please use the GitHub Issues.