terrahelp icon indicating copy to clipboard operation
terrahelp copied to clipboard

Published 20 hours ago verified publisher icon opencredo

Feature Request - terrahelp config json

Open LeoK80 opened this issue 1 year ago • 0 comments

Feature Instead of using the Env Vars to configure the Vault encryption, would it be possible to also support configuring TerraHelp with a configuration json file?

Context Reason for the feature is that it would allow people to store their config in a json blob in Vault and output it into the expected json file format using the Vault cli client. e.g. vault kv get secret/terrahelp | jq -r '.data.data' > th-config.json

with contents like

{
  "TH_ENCRYPTION_PROVIDER": "vault",
  "TH_ENCRYPTION_MODE": "full",
  "TH_VAULT_NAMED_KEY": "examplekey"
}

So you can run terrahelp vault-autoconfig and subsequent commands based on the provided json. The Vault env vars presumably are already set in order to run vault kv get!

Of course if more than one Vault instances are used perhaps an override of VAULT_ADDR, VAULT_TOKEN and VAULT_SKIP_VERIFY (and VAULT_NAMESPACE for Enterprise Vault) could also still be useful as part of the config.json for TerraHelp.

Potentially default to specific filename and provide a -config-file= flag for alternate file naming of a config file.

Benefits

  • store/manage the Vault Named Key (and other key/value pairs) in Vault!
  • convenience of having full config available with simple one-liner

LeoK80 avatar Mar 15 '23 10:03 LeoK80