https://github.com/zmb3/blackbox
Move Concourse params to Vault
https://github.com/zmb3/blackbox
Last synced: about 1 year ago
JSON representation
Move Concourse params to Vault
- Host: GitHub
- URL: https://github.com/zmb3/blackbox
- Owner: zmb3
- License: apache-2.0
- Created: 2017-08-17T14:26:25.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2017-10-11T20:27:38.000Z (over 8 years ago)
- Last Synced: 2025-03-11T18:53:24.038Z (over 1 year ago)
- Language: Go
- Size: 7.93 MB
- Stars: 3
- Watchers: 0
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# blackbox
A tool for moving secrets from Concourse params files into Vault.
## Installation
Download a [release](https://github.com/zmb3/blackbox/releases) for your platform, or:
```
$ go get -u github.com/zmb3/blackbox
```
## Usage
First, set the `VAULT_ADDR` and `VAULT_TOKEN` environment variables.
Run blackbox with:
```
$ blackbox -in params.yml -out sanitized.yml -path concourse/myteam/mypipeline
```
For each parameter, the tool will ask you whether or not you would like to move it
to Vault. To accept the default value (no), simply press enter. To move the param
to Vault, enter `y` and press enter.
When the tool completes, it will write a new YML file containing only the non-sensitive
Values that were not moved to vault.
### Example
```sh
$ cat params.yml
secret1: password1
param1: param1
secret2: password2
username: admin
$ ./blackbox -in params.yml -out params2.yml -path secret/pipeline
move secret1? (n): y
move param1? (n):
move secret2? (n): y
move username? (n):
$ cat params2.yml
param1: param1
username: admin
$ vault list secret/pipeline
Keys
----
secret1
secret2
$ vault read secret/pipeline/secret1
Key Value
--- -----
refresh_interval 768h0m0s
value password1
```