Additional zrok config Options #224

Closed
michaelquigley opened this issue Feb 8, 2023 · 4 comments

@michaelquigley
Collaborator

Incorporate additional zrok config options to allow additional personalization and customization of environment behaviors.

  • default parsing substitutions
  • headless mode
  • etc.

michaelquigley added the enhancement label Feb 8, 2023
michaelquigley added this to the v0.4 milestone Feb 8, 2023

@qrkourier
Member

This issue sounds like it might encompass what I'm looking for in zrok: flexibility in defining controller and frontend configuration. For example, providing a function or env var that returns a secret value instead of hard-coding the plaintext secret in the config file. This mitigates a variety of attacks and enables graceful secret rotation, e.g. the admin token, the ziti admin pw.

This isn't a blocker to deployment because I can still templatize the config YAML files and re-declare their contents with a configuration management system like Helm or Ansible.

Use case example: let's say I like to keep my secrets in AWS Secrets Manager or HashiCorp Vault. If zrok allowed me to provide a function instead of the plaintext secret, then I could provide an executable function that returns the correct secret value. zrok would invoke the function whenever it needs to cache the secret in memory.

michaelquigley self-assigned this Feb 13, 2023

@qrkourier
Member

I'll leave this link in case it helps. I stumbled across Viper, a Go library for flexible configuration.

@qrkourier
Member

qrkourier commented Apr 5, 2023

Is there any alternative to storing the admin secret and ziti mgmt password in the config file in 0.4?

@qrkourier
Member

My preference is to provide secrets to zrok as files, e.g.,

      influx:
          url:            http://influxdb.zrok.svc
          bucket:         zrok
          org:            zrok
          token_file:     /var/run/secrets/zrok.io/influxdb.admin-token
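
A sketch of how a `token_file`-style reference like the one proposed above could be resolved, added here as an example; it is not zrok's code and not from the thread. `SecretRef` and `Resolve` are hypothetical names, `token_file` is only the key proposed in the comment, and the owner-only permission policy is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// SecretRef is a hypothetical config fragment: an inline value or a file path.
type SecretRef struct {
	Value string // inline plaintext, the pattern the thread wants to avoid
	File  string // path to a file holding the secret (e.g. a mounted secret)
}

// Resolve reads File on every call, so a rotated file is picked up without a config edit.
func (s SecretRef) Resolve() (string, error) {
	switch {
	case s.Value != "" && s.File != "":
		return "", errors.New("set the inline value or the file, not both")
	case s.File == "" && s.Value == "":
		return "", errors.New("no secret configured")
	case s.File == "":
		return s.Value, nil
	}
	info, err := os.Stat(s.File) // follows symlinks, which secret mounts often use
	if err != nil {
		return "", fmt.Errorf("stat secret file: %w", err)
	}
	if !info.Mode().IsRegular() {
		return "", fmt.Errorf("%s is not a regular file", s.File)
	}
	if perm := info.Mode().Perm(); perm&0o077 != 0 { // assumed policy: owner-only
		return "", fmt.Errorf("%s has mode %04o, want owner-only", s.File, perm)
	}
	raw, err := os.ReadFile(s.File)
	if err != nil {
		return "", fmt.Errorf("read secret file: %w", err)
	}
	secret := strings.TrimRight(string(raw), "\r\n") // drop the trailing newline
	if secret == "" {
		return "", fmt.Errorf("%s is empty", s.File)
	}
	return secret, nil
}

func main() {
	fmt.Println(SecretRef{File: "/nonexistent/constructed-path"}.Resolve())
}
```

Because the file is re-read on each call, replacing its contents rotates the secret without re-rendering the YAML; a secret volume mounted with a world-readable mode would be rejected under the assumed policy.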
