config icon indicating copy to clipboard operation
config copied to clipboard

Published 20 hours ago verified publisher icon lightbend

Config Value from File (Docker Secrets)?

Open AshleyAitken opened this issue 8 years ago • 5 comments

It would be great to include this functionality in typesafe/config.

Maybe with syntax something like =$(< /path/to/secret/in/file)

So we could do something like:

application.key.secret = "default-value" application.key.secret = ${?APPLICATION_KEY_SECRET} application.key.secret = ${< /path/to/secret/in/file}

or perhaps

application.key.secret = "default-value" application.key.secret = ${?APPLICATION_KEY_SECRET} application.key.secret = ${< APPLICATION_KEY_SECRET_FILE}

using the value in the environment variable as the path to the secret file.

Just some ideas.

Thanks, Ashley.

AshleyAitken avatar Sep 26 '17 11:09 AshleyAitken

The entire content of the secret file should be the value of the variable, right?

I'm not sure of the best way to do this, hmm. ${} syntax currently can never cause an IO error, IO happens when we do include during file load... possibly we should consider a variant on include syntax:

application.key.secret = include contents("/path/to/secret")

That's analogous to the existing

application.key.secret = include file("/path/to/secret")

But of course the existing file() expects the file to be parseable and returns an object, while contents() (or whatever we named it) would return a string.

See https://github.com/typesafehub/config/blob/master/HOCON.md#include-syntax

havocp avatar Sep 26 '17 13:09 havocp

Thanks for your comment @havocp

Yes, entire content of file should be the value of the variable.

application.key.secret = include contents("/path/to/secret") would be great, and event better if we could do:

application.key.secret = include contents($PATH_TO_SECRET) but I don't think substitutions or anything are allowed (in include sytnax).

Yes, just a string.

Wow, all that (blows my mind) for a "simple" include statement :-)

AshleyAitken avatar Sep 26 '17 16:09 AshleyAitken

I like Havoc's ad-hoc proposal here, it'd be good to bind this to include rather than ${} since the IO is explicit then... contents sounds good too actually.

ktoso avatar Sep 26 '17 16:09 ktoso

Here is temporary solution by Pawel Kaczor that solves problem with one line of code

config.withSecretAt("application.key.secret")

https://gist.github.com/pawelkaczor/8009c05eed30f67099cae70401939e55

AshleyAitken avatar Sep 29 '17 16:09 AshleyAitken

Is this solution accepted in the main code ? due to the increase in the k8s adoption, having this feature greatly helps.

nareshv avatar May 03 '21 15:05 nareshv