https://github.com/romantomjak/knock-knock
Utility for obtaining database credentials from Consul and Vault
- Host: GitHub
- URL: https://github.com/romantomjak/knock-knock
- Owner: romantomjak
- License: mit
- Created: 2020-02-07T14:59:58.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-05-27T20:15:50.000Z (almost 6 years ago)
- Last Synced: 2025-01-23T07:10:01.197Z (over 1 year ago)
- Topics: consul, credentials, database-access, password, utility, vault
- Language: Go
- Size: 63.5 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
Utility for obtaining database credentials from Consul and Vault.
## Getting started
### Installation
Download and install using go get:
```sh
go get -u github.com/romantomjak/knock-knock
```
or grab a binary from the [releases](https://github.com/romantomjak/knock-knock/releases/latest) section!
### Configuration
By default, configuration is read from `~/.knock-knock.conf`. The file uses the [INI](https://en.wikipedia.org/wiki/INI_file) file format and is rendered as a Go [template](https://golang.org/pkg/html/template/).
```ini
[myservice]
host = {{ key "services/myservice/db/host" }}
port = 5432
username = {{ with secret "secret/services/myservice/db" }}{{ .Data.username }}{{ end }}
password = {{ with secret "secret/services/myservice/db" }}{{ .Data.password }}{{ end }}
dbname = {{ key "services/myservice/db/database" }}
```
Sections are your service names. Each one appears on a line by itself, in square
brackets (`[` and `]`). `key` retrieves values from Consul, and `secret`
retrieves secrets from Vault.
#### Autocomplete
knock-knock supports configuration section autocomplete. Autocomplete can be
installed or uninstalled by running the following on bash or zsh shells:
```sh
knock-knock -autocomplete-install
knock-knock -autocomplete-uninstall
```
#### Vault K/V version 2 backend
Version 2 of the K/V backend can retain a configurable number of versions for
each key. Here's how to access a versioned secret value:
```ini
password = {{ with secret "secret/services/myservice/db" }}{{ .Data.data.password }}{{ end }}
```
Note the nested `.Data.data` syntax when referencing the secret value. For more
information about using the K/V v2 backend, see the [Vault Documentation](https://www.vaultproject.io/docs/secrets/kv/kv-v2/).
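The v1 and v2 field paths are easy to mix up, so the following added example (not knock-knock's own code) renders the `password` line against constructed K/V v1 and v2 data. The `Secret` type, the in-memory `secret` function, and the use of `text/template` with `missingkey=error` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Secret is a hypothetical stand-in exposing .Data, as the templates above expect.
type Secret struct{ Data map[string]interface{} }

const dbSecretPath = "secret/services/myservice/db"
// Constructed sample responses: K/V v1 is flat, K/V v2 nests values under "data".
var vaultV1 = map[string]*Secret{dbSecretPath: {Data: map[string]interface{}{"password": "constructed-pw"}}}
var vaultV2 = map[string]*Secret{dbSecretPath: {Data: map[string]interface{}{
	"data":     map[string]interface{}{"password": "constructed-pw"},
	"metadata": map[string]interface{}{"version": 3},
}}}

// Render executes one config template against an in-memory Vault. With strict set,
// a wrong field path is an error instead of "<no value>" ending up as the password.
func Render(tmpl string, vault map[string]*Secret, strict bool) (string, error) {
	t := template.New("conf").Funcs(template.FuncMap{
		"secret": func(p string) (*Secret, error) {
			s, ok := vault[p]
			if !ok {
				return nil, fmt.Errorf("vault secret %q not found", p)
			}
			return s, nil
		},
	})
	if strict {
		t = t.Option("missingkey=error")
	}
	if _, err := t.Parse(tmpl); err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, nil); err != nil {
		return "", err // fail closed: no partially rendered credentials
	}
	return buf.String(), nil
}

func main() {
	v1Path := `password = {{ with secret "secret/services/myservice/db" }}{{ .Data.password }}{{ end }}`
	fmt.Println(Render(v1Path, vaultV2, false)) // v1-style path on v2 data, lenient
	fmt.Println(Render(v1Path, vaultV2, true))  // same template, strict
}
```

In lenient mode the v1-style path on v2 data renders `password = <no value>`, which would then be handed to a database client as if it were a credential; in strict mode the same template returns an error.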
### Usage
Running the application requires you to specify a service name from the
configuration file:
```sh
$ export VAULT_AUTH_GITHUB_TOKEN=
$ export VAULT_ADDR=http://127.0.0.1:8200
$ export CONSUL_HTTP_ADDR=127.0.0.1:8500
$ knock-knock myservice
host = myexampledb.a1b2c3d4wxyz.us-west-2.rds.amazonaws.com
port = 5432
username = awsuser
password = awssecretpassword
dbname = awsdatabase
```
Magic! :sparkles:
## Contributing
You can contribute in many ways and not just by changing the code! If you have
any ideas, just open an issue and tell me what you think.
To contribute code, please fork the repository and submit a pull request.
## Credits
Logo made by Ely Wahib from [http://wahib.me](http://wahib.me)
## License
MIT