
Tierceron is a framework of services and tools for securely storing, managing (via tools, data flows, and services), distributing (via deployments to microservices), and visualizing secrets (via command line output and diff, database, and 3D visualization); powered by Go, Apache Kubernetes, Apache Dolthub, G3n, and HashiCorp Vault.


trimble-oss/tierceron


Tierceron


What is it?

Tierceron is an encrypted configuration management system created for managing configurations and secrets used in microservices in Vault (by HashiCorp). It is written in Go, using Apache Dolthub (Tierceron Flume: provides integrated flows), G3n (integrated visualization), Kubernetes (Tierceron Shell: integrated cloud agent secure shell), and HashiCorp Vault (data and secrets encryption).

This suite of tools provides functionality for creating, reading, and updating configurations over multiple environments (presently dev, QA, RQA, and staging). If you have a Vault token with the right permissions for the right environment, you can read configurations for that environment. Presently, only the root token can be used to actually create and update changes to the stored configurations (this should probably be changed). Support has also been recently prototyped (2019 hackathon) to provide in-memory configurations via a supporting shared library, DLL, or dynamic library.
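
The per-environment token model described above, sketched as Vault policies. This is an added example, not Tierceron's own configuration: the `secret/` KV v2 mount, the per-environment path prefixes and the policy file names are assumptions, and the page does not state whether Tierceron's tools accept a non-root token for writes.

```hcl
# Added example: hypothetical Vault policies, not Tierceron's own.
# Assumes a KV v2 secrets engine mounted at "secret/" with one
# top-level prefix per environment (dev, QA, ...). Adjust the paths
# to the mounts your deployment really uses.

# --- dev-read.hcl: attached to tokens handed to dev microservices ---
# KV v2 serves secret values under <mount>/data/...
path "secret/data/dev/*" {
  capabilities = ["read"]
}

# ...and key listings under <mount>/metadata/...
path "secret/metadata/dev/*" {
  capabilities = ["list"]
}

# No rule mentions secret/data/QA/*, so Vault's default deny applies
# and a token carrying only this policy cannot read QA configuration.

# --- dev-write.hcl: scoped alternative to working with the root token ---
path "secret/data/dev/*" {
  capabilities = ["create", "update", "read"]
}

path "secret/metadata/dev/*" {
  capabilities = ["list", "read"]
}

# Deliberately absent: "delete", "sudo", and any sys/ or auth/ path,
# so a leaked write token cannot alter policies, mounts or other
# environments.

# Loading the policies and issuing a short-lived token (Vault CLI):
#   vault policy write dev-read dev-read.hcl
#   vault token create -policy=dev-read -ttl=1h
```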

Why❓

  • Because Configuration Management is a pain. I wanted to be able to switch between development and QA and any other environment with a single call for all my microservices. With these tools, I can now do that.
  • We wanted a system that worked transparently from dev -> QA -> staging -> production.
  • Wanted a fun project for our interns to work on over the summer.
  • Since Tierceron is written entirely in Go, the services involved are very stable and tiny. All configurations may be managed on a small EC2/virtual machine running anywhere from locally to AWS/Azure, backed by an encrypted and backed-up database.
  • Coding in Go is a dream. If I could code an entire system in Go, I would do it in a snap.

Key Features

  • This project follows a GitFlow model for development and release.
  • Encrypted configurations stored in Vault, backed by encrypted MySQL.
  • Highly stable Vault service that can run on something as small as a t2 micro in AWS or something similar in Azure for example.
  • Tools:
    • trcconfig -- for reading configurations
    • trcinit -- for initializing a configuration set over multiple projects.
    • trcx -- for extracting seed data that can be managed locally separate from the configuration templates.
    • trcpub -- for publishing template changes.
    • nc.so -- for dynamically loading configurations securely in memory. This has been used successfully for a Java microservice to pull in configuration files and public certificates, all referenced in memory, so there is no configuration footprint on the filesystem. Switching from dev to QA in this setup simply means using a different token.

Getting started

If you are a contributor, please have a look at the getting started file. There you can check the required information and other things to know before making a contribution.

Trusted Committers

Contributing

Contributions are always welcome, no matter how large or small. Before contributing, please read the code of conduct.

See Contributing.

Code review

Check the code review information to find out how a Pull Request is evaluated for this project and what other coding standards you should consider when you want to contribute.

Current effort

Titrating. Tierceron can do a lot of things. Some features are very easy to set up and use, others not so much. Contributions welcomed!
