Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Option to combine repositories into a single folder #131

Open
claflico opened this issue Jan 18, 2017 · 1 comment
Open

Feature Request: Option to combine repositories into a single folder #131

claflico opened this issue Jan 18, 2017 · 1 comment

Comments

@claflico
Copy link

We are moving to consul to manage our app configs outside of the apps. We're also hoping to use it to include our "secrets" in the app configs as well since Vault is way too complex for our current needs. The powers-that-be want Developers to have access to their project's DEV/QA secrets but restrict them from accessing UAT/PRD secrets.

We presently have about 8 projects and each project gets its own repo to store their configs for each app. Each repo will have branches for DEV, QA, UAT, & PRD with the key-values stored in yaml files named for each app.

I use a cronjob to run git2consul with a config.json file every X minutes to pull each project's repo environment branch into separate folders on the respective consul cluster. i.e. the DEV branch of PROJ1's kv repo goes into the PROJ1 folder on the DEV consul server, the DEV branch of PROJ2's kv repo goes into the PROJ2 folder on the DEV consul server, etc.

I am using consul-template to generate the config files for each application from template files included in each app.

This is currently working but won't allow hiding of UAT/PRD secrets.

What I need to be able to accomplish is include a secure.yaml file in the DEV/QA branch of each project but not include it in the UAT/PRD branches. The secure.yaml file for the UAT/PRD branches will be stored in a separate repository that only DevOps has access to. On the UAT/PRD consul servers I need to be able to combine the two repos into a single PROJ directory so that the same consul-template file can be used across all of the environments.

I just did some testing and think that I can make this scenario work by using 2 different config.json files with the local_store pointed at different directories but this feels like a hack to me since the "git2consul/config" and the "PROJ1/DEV" values change with every cron run.
@calvn
Copy link
Contributor

calvn commented Jan 19, 2017

You might be able to achieve what you are looking for by using git2consul + gosecret + fsconsul.

For a more detailed example, the gosecret readme provides a similar scenario along with the proper setup explanation on how this can be done.

@calvn calvn mentioned this issue Jan 28, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@calvn @claflico