Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Channel password from environment #146

Closed
toxuin opened this issue May 22, 2019 · 4 comments · Fixed by #148
Closed

Channel password from environment #146

toxuin opened this issue May 22, 2019 · 4 comments · Fixed by #148
Labels
help wanted Extra attention is needed

Comments

@toxuin
Copy link

toxuin commented May 22, 2019

It would be surely a nice feature to be able to populate a Sonic Channel password from the environmental variable rather from the config file.

@valeriansaliou
Copy link
Owner

What's the exact use case for this? Can you explain?

@perzanko
Copy link
Contributor

perzanko commented May 23, 2019

I think @toxuin means that config can't be stored on eg. git repo because it contains a secret password. If sonic would allow you to overwrite the configuration based on environment variables, this would allow safe sharing of the config file.
For example:
config.cfg

...
[channel]

auth_password = "${env.SECRET}"

then run sonic providing env. variable

SECRET=secretphrase sonic -c config.cfg

Does it make sense?

@toxuin
Copy link
Author

toxuin commented May 23, 2019

Well in our use case I was going to create a CI pipleline that would build the container with everything it needs including the configuration, but without any secrets in it, push it to Amazon ECR and then populate all the secrets right before app start on ECS. I believe other container orchestrators recommend the same or similar approach.

Putting any passwords in either git or container repo feels wrong.

CI is controlled by a 3rd party company where jobs are ran on shared compute resources.
Git repo resides on another 3rd party service with a bunch of yet another 3rd (4th? :-D ) party integrations.

@valeriansaliou
Copy link
Owner

Ah, okay. That definitely makes sense then, and I agree with that use case.

I'm open to PRs on this, should not be too hard / long to implement! Check the ./config module from Sonic, which contains configuration readers and parsers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants