Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/romantomjak/knock-knock

Utility for obtaining database credentials from Consul and Vault
https://github.com/romantomjak/knock-knock

consul credentials database-access password utility vault

Last synced: 25 days ago
JSON representation

Utility for obtaining database credentials from Consul and Vault

Host: GitHub
URL: https://github.com/romantomjak/knock-knock
Owner: romantomjak
License: mit
Created: 2020-02-07T14:59:58.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-05-27T20:15:50.000Z (over 4 years ago)
Last Synced: 2024-06-20T05:08:17.890Z (5 months ago)
Topics: consul, credentials, database-access, password, utility, vault
Language: Go
Size: 63.5 KB
Stars: 2
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        


    



Utility for obtaining database credentials from Consul and Vault.


## Getting started

### Installation

Download and install using go get:

```sh

go get -u github.com/romantomjak/knock-knock

```

or grab a binary from [releases](https://github.com/romantomjak/knock-knock/releases/latest) section!

### Configuration

Configuration by default is read from `~/.knock-knock.conf`. It is based on the [INI](https://en.wikipedia.org/wiki/INI_file) file format which is rendered by Go [template](https://golang.org/pkg/html/template/).

```ini

[myservice]

host = {{ key "services/myservice/db/host" }}

port = 5432

username = {{ with secret "secret/services/myservice/db" }}{{ .Data.username }}{{ end }}

password = {{ with secret "secret/services/myservice/db" }}{{ .Data.password }}{{ end }}

dbname = {{ key "services/myservice/db/database" }}

```

Sections are your service names. They appear on a line by itself, in square

brackets ([ and ]). `key` retrieves values from Consul and likewise `secret`

is for retrieving secrets from Vault.

#### Autocomplete

knock-knock supports configuration section autocomplete. Autocomplete can be

installed or uninstalled by running the following on bash or zsh shells:

```sh

knock-knock -autocomplete-install

knock-knock -autocomplete-uninstall

```

#### Vault K/V version 2 backend

Version 2 of the K/V backend can retain a configurable number of versions for

each key. Here's how to access a versioned secret value:

```hcl

password = {{ with secret "secret/services/myservice/db" }}{{ .Data.data.password }}{{ end }}

```

Note the nested `.Data.data` syntax when referencing the secret value. For more

information about using the K/V v2 backend, see the [Vault Documentation](https://www.vaultproject.io/docs/secrets/kv/kv-v2/).

### Usage

Running the application requires you to specify a service name from the

configuration file:

```sh

export VAULT_AUTH_GITHUB_TOKEN=

export VAULT_ADDR=http://127.0.0.1:8200

export CONSUL_HTTP_ADDR=127.0.0.1:8500

$ knock-knock myservice

host = myexampledb.a1b2c3d4wxyz.us-west-2.rds.amazonaws.com

port = 5432

username = awsuser

password = awssecretpassword

dbname = awsdatabase

```

Magic! :sparkles:

## Contributing

You can contribute in many ways and not just by changing the code! If you have

any ideas, just open an issue and tell me what you think.

Contributing code-wise - please fork the repository and submit a pull request.

## Credits

Logo made by Ely Wahib from [http://wahib.me](http://wahib.me)

## License

MIT