secure-templates

command module
v0.0.1-alpha.16 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 19, 2024 License: MIT Imports: 15 Imported by: 0

README

Secure Templates

Coverage

Secure Templates is a tool to render templates using go-templates and load data values from secrets engine.

Installation for Linux and Mac

Install on /usr/local/bin with sudo
curl -s https://raw.githubusercontent.com/edimarlnx/secure-templates/main/scripts/install.sh | sudo sh -
Install on work directory without sudo
curl -s https://raw.githubusercontent.com/edimarlnx/secure-templates/main/scripts/install.sh | sh -

Manual installation and Windows users

Go to releases page and download the file according your system.

Samples

Supported Secrets engines

  • Vault: A free Vault solution by HashiCorp
    • In development, you can use a docker to run Vault. See
  • Local file: Local file using rsa key par to encrypt data

Config file

{
  "secret_engine": "local-file",
  "vault_config": {
    "address": "http://localhost:8200",
    "token": "token",
    "secret_engine": "kv",
    "ns": "dev"
  },
  "local_file_config": {
    "filename": "test/local-file-secret.json",
    "enc_priv_key": "LS0tLS...."
  },
  "options": {
    "secretShowNameAsValueIfEmpty": false,
    "secretIgnoreNotFoundKey": false,
    "envShowNameAsValueIfEmpty": false,
    "envAllowAccessToSecureTemplateEnvs": false,
    "envRestrictedNameRegex": "SC_.+"
  }
}

Commands

init-config

Initialize a sample config with local-file as a secret engine

secure-templates init-config -o local-file-cfg.json
Options
NAME:
   secure-templates init-config - Init a sample config

USAGE:
   secure-templates init-config [command options] [arguments...]

OPTIONS:
   --output value, -o value, --out value   [$SEC_TPL_OUTPUT]
   --secret-file value                    (default: "./test/local-file-secret.json")
   --private-key-passphrase value         [$LOCAL_SECRET_PRIVATE_KEY_PASSPHRASE]
   --help, -h                             show help
2024/03/03 00:46:34 ERROR Required flag "config" not set
Environment variables
  • SEC_TPL_OUTPUT: Path to output config file.
  • LOCAL_SECRET_PRIVATE_KEY_PASSPHRASE: Passphrase to encrypt private key.
manage-secret

Manage secret engine

Create or update the key app_passwd into secret core with value abc123

secure-templates manage-secret put core app_passwd abc123
Subcommands arguments
  • put: SECRET KEY VALUE
  • import: SECRET ENV FILE
Options
NAME:
   secure-templates manage-secret - Manage secret

USAGE:
   secure-templates manage-secret command [command options] 

COMMANDS:
   put      Add or update key value
   import   Add or update key value using env file
   help, h  Shows a list of commands or help for one command

OPTIONS:
   --config value, -c value, --cfg value   [$SEC_TPL_CONFIG]
   --help, -h                             show help
Environment variables
  • LOCAL_SECRET_PRIVATE_KEY: Private key encoded with base64.
  • LOCAL_SECRET_PRIVATE_KEY_PASSPHRASE: Passphrase to decrypt private key.
Template Render

Render template using values from configured secret engine

Render a template file

secure-templates FILEPATH
Arguments
  • FILEPATH: Filepath for template to render.
Options
NAME:
   secure-templates - A template render tool

USAGE:
   secure-templates [global options] command [command options] 

VERSION:
   dev

DESCRIPTION:
   Secure Templates is a tool to render templates using go-templates and load data values from secrets engine.

COMMANDS:
   init-config    Init a sample config
   manage-secret  Manage secret
   help, h        Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --config value, -c value, --cfg value   [$SEC_TPL_CONFIG]
   --output value, -o value, --out value   [$SEC_TPL_OUTPUT]
   --print-keys, -p                       (default: false)
   --help, -h                             show help
   --version, -v                          print the version
Environment variables
  • SEC_TPL_CONFIG: Path to config file.
  • SEC_TPL_OUTPUT: Path to output template file.
  • VAULT_TOKEN: Vault token to call the Vault API.
  • LOCAL_SECRET_PRIVATE_KEY: Private key encoded with base64. Used only for local-secret engine.
  • LOCAL_SECRET_PRIVATE_KEY_PASSPHRASE: Passphrase to decrypt private key. Used only for local-secret engine.

Template Functions

  • env: Get environment variable.
  • secret: Get the Key value of a secret engine. If the key name is not provided, it returns a key and value map that can be iterated.
  • sprig functions: Visit the docs for a complete list of functions.

Configuration options

These are configuration options for the Secure Templates tool. Here's a brief explanation for each:

  • secretShowNameAsValueIfEmpty: If set to true, when a secret key's value is empty, the key's name will be shown as the value.
  • secretIgnoreNotFoundKey: If set to true, the tool will ignore if a secret key is not found in the secrets engine.
  • envShowNameAsValueIfEmpty: Similar to secretShowNameAsValueIfEmpty, but for environment variables. If set to true, when an environment variable's value is empty, the variable's name will be shown as the value.
  • envAllowAccessToSecureTemplateEnvs: If set to true, the tool will allow access to secure template environment variables.
  • envRestrictedNameRegex: This is a regular expression that defines the naming convention for restricted environment variables. In the provided example, any environment variable starting with "SC_" would be considered restricted.

Author

Edimar Cardoso

Emails: [email protected] [email protected]

Website: www.zcloud.ws

License

MIT

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
pkg
config
connectors
envs
helpers
logging
render

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.