https://github.com/jjeffery/hclconfig

HCL configuration files

# hclconfig: Configuration file support for cloud-based servers
[![GoDoc](https://godoc.org/github.com/jjeffery/hclconfig?status.svg)](https://godoc.org/github.com/jjeffery/hclconfig)
[![License](http://img.shields.io/badge/license-MIT-green.svg?style=flat)](https://raw.githubusercontent.com/jjeffery/hclconfig/master/LICENSE.md)
[![Build Status (Linux)](https://travis-ci.org/jjeffery/hclconfig.svg?branch=master)](https://travis-ci.org/jjeffery/hclconfig)
[![Coverage Status](https://coveralls.io/repos/github/jjeffery/hclconfig/badge.svg?branch=master)](https://coveralls.io/github/jjeffery/hclconfig?branch=master)
[![GoReportCard](https://goreportcard.com/badge/github.com/jjeffery/hclconfig)](https://goreportcard.com/report/github.com/jjeffery/hclconfig)

Package hclconfig is designed to reduce the effort required to access
a configuration file. It is particularly useful for cloud-based server
applications that load configuration data via HTTP.

The main features this package provides are:

* Download configuration via HTTP/HTTPS, from an S3 bucket or from a local file
* Detect if the configuration file has changed since it was downloaded
* Provide encryption at rest for confidential information in the configuration file

This package is designed to work with configuration files that are in
[HCL](https://github.com/hashicorp/hcl) format. The reason for this choice
is that it is straightforward to parse an HCL file into an
[AST](https://en.wikipedia.org/wiki/Abstract_syntax_tree), which makes it
possible to implement a convenient mechanism for encrypting and decrypting
confidential information.

## Simple Example
```go
// eg "https://config.my-app.net/my-app-config.hcl"
// eg "s3://config-bucket/my-app-config.hcl"
// eg "/etc/my-app-config.hcl"
location := os.Getenv("CONFIG")

// download the config file, and decrypt any confidential information
file, err := hclconfig.Get(location)
exitIfError(err)

// named config so it does not clash with the database handle below
var config struct {
    Database struct {
        Provider  string
        SecretDSN string
    }
}

// decode the information we are after into config
err = file.Decode(&config)
exitIfError(err)

db, err := sql.Open(config.Database.Provider, config.Database.SecretDSN)
exitIfError(err)
defer db.Close()

// simple example of a goroutine that will initiate graceful shutdown
// if it detects a change in the configuration file
// (exitIfError, handleErr and initiateGracefulShutdown are supplied by the application)
go func() {
    for {
        time.Sleep(time.Minute)
        changed, err := file.HasChanged()
        handleErr(err)
        if changed {
            initiateGracefulShutdown()
        }
    }
}()
```

## Encryption

Confidential information is encrypted at rest using AES-256 CBC + HMAC-SHA256.

The 256-bit data encryption key is stored as a ciphertext blob in the
configuration file. The data encryption key is encrypted using
[AWS KMS](https://aws.amazon.com/kms/). Other encryption providers could
be implemented in a future version of this package.

Example of an unencrypted configuration file:
```hcl
database {
    provider = "postgres"
    secretDSN = "user=produ password=s3cret dbname=proddb host=prodhost"
}
```

Example of an encrypted configuration file:
```hcl
database {
    provider = "postgres"

    secretDSN {
        ciphertext = <