{"id":20931845,"url":"https://github.com/wjsc/remote-config","last_synced_at":"2025-05-13T19:33:40.124Z","repository":{"id":57169503,"uuid":"300902348","full_name":"wjsc/remote-config","owner":"wjsc","description":"GRPC Externalized config server with built-in encryption for microservices architecture","archived":false,"fork":false,"pushed_at":"2020-10-13T21:35:33.000Z","size":9077,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-11-13T02:41:59.643Z","etag":null,"topics":["architecture","config","microservices-architecture","server","storage-engine"],"latest_commit_sha":null,"homepage":"https://github.com/wjsc/remote-config","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wjsc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-10-03T14:42:00.000Z","updated_at":"2020-10-13T23:52:35.000Z","dependencies_parsed_at":"2022-09-14T01:01:51.913Z","dependency_job_id":null,"html_url":"https://github.com/wjsc/remote-config","commit_stats":null,"previous_names":["wjsc/remote-config-grpc"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wjsc%2Fremote-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wjsc%2Fremote-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wjsc%2Fremote-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wjsc%2Fremote-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wjsc","download_url":"https://codeload.github.com/wjsc/remote-config/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225255898,"owners_count":17445423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["architecture","config","microservices-architecture","server","storage-engine"],"created_at":"2024-11-18T21:46:03.106Z","updated_at":"2024-11-18T21:46:03.616Z","avatar_url":"https://github.com/wjsc.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# remote-config\n\n- Externalized config server \u0026 client with built-in encryption for microservices architecture: https://microservices.io/patterns/externalized-configuration.html\n\n## General\n\n- Architecture:\n    - Storage engine: redis, mongodb, dynamodb or filesystem\n    - remote-config-server: https://hub.docker.com/r/imageswjsc/remote-config-server\n    - remote-config-client for nodejs: https://www.npmjs.com/package/@wjsc/remote-config-client\n    - remote-config-client for Command line interface(CLI)\n\n- The remote-config server stores remote-configs with this structure:\n    - namespace\n    - key\n    - value\n\n- Every remote-config stored has client side encryption with asymetric keys.\n- value is encrypted with public key and it's only accesible by the remote-config owner\n\n\n## Getting started\n### 1. Start redis as storage engine\n```\ndocker run --name remote-config-db-redis -p6379:6379 -d redis\n```\n\n### 2. Generate private \u0026 public keys for a specific namespace for full TLS/SSL authentication\n- You can ignore this step if no authentication is required\n\n#### 2.1. Install certstrap\n```\nwget https://github.com/square/certstrap/releases/download/v1.1.1/certstrap-v1.1.1-linux-amd64\nmv certstrap-v1.1.1-linux-amd64 certstrap\nchmod +x certstrap\n```\n#### 2.2. Generating a root certificate authority \n```\ncertstrap init --organization \"ca\" --common-name \"ca\"\n```\n#### 2.3. Generating a server certificate \u0026 Sign server certificate \n```\ncertstrap request-cert --common-name \"server\" --domain \"localhost\"\ncertstrap sign --CA ca \"server\"\n```\n#### 2.4. Create client certificate \u0026 Sign client certificate \n```\ncertstrap request-cert --common-name \"client\"\ncertstrap sign --CA ca \"client\"\n```\n\n#### 2.5. Move files to folders\n```\ncp ./out/ca.crt ./server/certs\ncp ./out/server* ./server/certs\ncp ./out/ca.crt ./client/cli/certs\ncp ./out/client* ./client/cli/certs\n```\n\n### 3. Run remote-config-server and connect to redis storage\n- If no authentication is required, remove CA_CERT_PATH, KEY_PATH \u0026 CERT_PATH from command\n\n```\ndocker run -p3000:3000 \\\n    -e STORAGE=redis \\\n    -e DATABASE_HOST=host.docker.internal \\\n    -e DATABASE_PORT=6379 \\\n    -e HOST=0.0.0.0 \\\n    -e PORT=3000 \\\n    -v $PWD/certs:/home/node/certs/ \\\n    -e CA_CERT_PATH=/home/node/certs/ca.crt \\\n    -e KEY_PATH=/home/node/certs/server.key \\\n    -e CERT_PATH=/home/node/certs/server.crt \\\n    --name remote-config-server-redis \\\n    -d imageswjsc/remote-config-server\n```\n\n### 4. Install CLI client dependencies\n```\ncd ./client/cli\nnpm i\n```\n\n\n### 5. Test saving \u0026 retrieving a remote-config with encryption\n```\ncd ./client/cli\n\nnode set_config.js -r certs/client.key -l certs/client.crt -a certs/ca.crt -n ns1 -k key1 -h localhost:3000\n// The CLI will prompt for value\n// output: { namespace: 'ns1', key: 'key1', value: 'value1' }\n\nnode get_config.js  -r certs/client.key -l certs/client.crt -a certs/ca.crt -n ns1 -k key1 -h localhost:3000\n// output: { namespace: 'ns1', key: 'key1', value: 'value1' }\n```\n\n### 6. Test saving \u0026 retrieving a remote-config without encryption\n```\ncd ./client/cli\n\nnode set_config.js -r certs/client.key -l certs/client.crt -a certs/ca.crt -n ns2 -k key2 -h localhost:3000 -x\n// The CLI will prompt for value\n// output: { namespace: 'ns2', key: 'key2', value: 'value2' }\n\nnode get_config.js -r certs/client.key -l certs/client.crt -a certs/ca.crt -n ns2 -k key2 -h localhost:3000 -x\n// output: { namespace: 'ns2', key: 'key2', value: 'value2' }\n```\n\n\n### CLI Client help\n\n#### 1. Retrieve a remote config\n```\nnode get_config.js --help\nUsage: get_config [options]\n\nOptions:\n  -x, --share                  Do not encrypt value\n  -r, --private \u003cpath\u003e         Client private key path\n  -l, --clientcert \u003cpath\u003e      Client Certificate path\n  -a, --cacert \u003cpath\u003e          CA Certificate path\n  -n, --namespace \u003cnamespace\u003e  Config namespace\n  -k, --key \u003ckey\u003e              Config key\n  -h, --host \u003cvalue\u003e           Remote config server ip:port\n  --help                       display help for command\n\n```\n\n#### 2. Save a remote config\n```\nnode set_config.js --help\nUsage: set_config [options]\n\nOptions:\n  -x, --share                  Do not encrypt value\n  -r, --private \u003cpath\u003e         Client private key path\n  -l, --clientcert \u003cpath\u003e      Client Certificate path\n  -a, --cacert \u003cpath\u003e          CA Certificate path\n  -n, --namespace \u003cnamespace\u003e  Config namespace\n  -k, --key \u003ckey\u003e              Config key\n  -h, --host \u003cvalue\u003e           Remote config server ip:port\n  --help                       display help for command\n```\n\n\n### Run remote-config-server and connect to filesystem as storage engine\n```\ndocker run -p3000:3000 \\\n    -e STORAGE=filesystem \\\n    -v $PWD/data:/home/node/.storage \\\n    -e HOST=0.0.0.0 \\\n    -e PORT=3000 \\\n    --name remote-config-server-fs \\\n    -v $PWD/certs:/home/node/certs/ \\\n    -e CA_CERT_PATH=/home/node/certs/ca.crt \\\n    -e KEY_PATH=/home/node/certs/server.key \\\n    -e CERT_PATH=/home/node/certs/server.crt \\\n    -d imageswjsc/remote-config-server\n```\n\n\n### Run remote-config-server and connect to mongodb as storage engine\n```\ndocker run --name remote-config-db-mongodb -p27017:27017 -d mongo\ndocker run -p3000:3000 \\\n    -e STORAGE=mongodb \\\n    -e DATABASE_HOST=host.docker.internal \\\n    -e DATABASE_PORT=27017 \\\n    -e DATABASE_NAME=remote-config-storage \\\n    -e DATABASE_COLLECTION=remote-config-collection \\\n    -e HOST=0.0.0.0 \\\n    -e PORT=3000 \\\n    -v $PWD/certs:/home/node/certs/ \\\n    -e CA_CERT_PATH=/home/node/certs/ca.crt \\\n    -e KEY_PATH=/home/node/certs/server.key \\\n    -e CERT_PATH=/home/node/certs/server.crt \\\n    --name remote-config-server-mongodb \\\n    -d imageswjsc/remote-config-server\n```\n\n### Run remote-config-server and connect to dynamodb as storage engine\n```\ndocker run --name remote-config-db-dynamodb -p8000:8000 -d amazon/dynamodb-local\ndocker run -p3000:3000 \\\n    -e STORAGE=dynamodb \\\n    -e AWS_REGION=us-east-1 \\\n    -e DYNAMODB_ENDPOINT=http://localhost:8000 \\\n    -e DATABASE_TABLENAME=remote-config-storage \\\n    -e DYNAMODB_CAPACITY_READ=5 \\\n    -e DYNAMODB_CAPACITY_WRITE=5 \\\n    -e HOST=0.0.0.0 \\\n    -e PORT=3000 \\\n    -v $PWD/certs:/home/node/certs/ \\\n    -e CA_CERT_PATH=/home/node/certs/ca.crt \\\n    -e KEY_PATH=/home/node/certs/server.key \\\n    -e CERT_PATH=/home/node/certs/server.crt \\\n    --name remote-config-server-dynamodb \\\n    -d imageswjsc/remote-config-server\n```\n\n### Environment variables supported\n```\nSTORAGE: Storage engine. Redis OR mongodb OR filesystem\nDATABASE_HOST: Database connection endpoint\nDATABASE_PORT: Database connection port\nDATABASE_NAME: Database name\nDATABASE_COLLECTION: Optional. Only when using mongodb as storage engine.\nHOST: Server binding IP\nPORT: Server binding port\nCA_CERT_PATH: Optional. Certificate authority certificate path for SSL/TLS authentication. This file must be mounted.\nKEY_PATH: Optional. Server private key path for SSL/TLS authentication. This file must be mounted.\nCERT_PATH: Optional. Server certificate path for SSL/TLS authentication. This file must be mounted.\nIGNORE_CLIENT_CERT: Ignore client certificate, only authenticate server.\nAWS_REGION: Optional. Region for dynamodb.\nAWS_ENDPOINT: Optional. Endpoint for dynamodb service\nAWS_ACCESS_KEY_ID: Optional. Only for dynamodb. \nAWS_SECRET_ACCESS_KEY: Optional. Only for dynamodb.\nDATABASE_TABLENAME: Optional. Only for dynamodb.\nDYNAMODB_CAPACITY_READ: Optional. Only for dynamodb.\nDYNAMODB_CAPACITY_WRITE: Optional. Only for dynamodb.\n\n/// If CA_CERT_PATH, KEY_PATH \u0026 CERT_PATH are not defined, the server can run in insecure mode\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwjsc%2Fremote-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwjsc%2Fremote-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwjsc%2Fremote-config/lists"}