From a00d89228851e8224c9bfa35ed4aa2715f41fe7d Mon Sep 17 00:00:00 2001 From: Bill Maxwell Date: Fri, 9 Sep 2016 12:50:52 -0700 Subject: [PATCH] update secrets bridge (#272) --- templates/secrets-bridge-agents/0/README.md | 4 ++++ templates/secrets-bridge-agents/0/docker-compose.yml | 2 +- templates/secrets-bridge-server/0/README.md | 4 ++++ templates/secrets-bridge-server/0/docker-compose.yml | 2 +- 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/templates/secrets-bridge-agents/0/README.md b/templates/secrets-bridge-agents/0/README.md index 9a34e60..dbd30ec 100644 --- a/templates/secrets-bridge-agents/0/README.md +++ b/templates/secrets-bridge-agents/0/README.md @@ -6,6 +6,10 @@ Only works with Hashicorp Vault server in dev mode currently. --- #### Description: This is the agent component for the Vault secrets bridge with Rancher. This service will be deployed in the environment running applications that need secrets. This service does not have direct access to Vault, it communicates with the Secrets Bridge server. + +#### Setup + +See [setup guide](https://github.com/rancher/secrets-bridge/blob/master/docs/setup.md) #### Pre-reqs: diff --git a/templates/secrets-bridge-agents/0/docker-compose.yml b/templates/secrets-bridge-agents/0/docker-compose.yml index 35de23f..25b4b92 100644 --- a/templates/secrets-bridge-agents/0/docker-compose.yml +++ b/templates/secrets-bridge-agents/0/docker-compose.yml @@ -1,5 +1,5 @@ secrets-bridge: - image: rancher/secrets-bridge:v0.0.3 + image: rancher/secrets-bridge:v0.1.0 command: agent --bridge-url ${BRIDGE_URL} volumes: - /var/run/docker.sock:/var/run/docker.sock diff --git a/templates/secrets-bridge-server/0/README.md b/templates/secrets-bridge-server/0/README.md index 78cc9b5..9882ca5 100644 --- a/templates/secrets-bridge-server/0/README.md +++ b/templates/secrets-bridge-server/0/README.md 
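Review bot: The new `image: rancher/secrets-bridge:v0.1.0` line in templates/secrets-bridge-agents/0/docker-compose.yml still references the image by a mutable tag, so the content that gets pulled can change without any change to this template; the identical line in templates/secrets-bridge-server/0/docker-compose.yml has the same issue. The agent mounts the Docker socket, and the server README states that compromising the server gives access to all secrets in that environment, so both images are worth pinning to a digest if the catalog tooling accepts digest references, e.g. `image: rancher/secrets-bridge:v0.1.0@sha256:<digest-of-v0.1.0>` (placeholder; the digest is not on this page). Failing that, a comment above the line recording the expected digest would give operators something to verify the pulled image against.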
@@ -8,6 +8,10 @@ Only works with Hashicorp Vault server in dev mode currently. This is the server side component for the Vault Secrets bridge with Rancher. This service should *NOT* be deployed in the same environment as user applications. It will have access to Vault, and compromising it will give the person access to *ALL* secrets available in that environment. It should instead be run in an environment reserved for the team operating Rancher. The reason this uses a temporary Cubbyhole token to start the service is that ENV variables do show up in the Rancher API and Docker inspect commands. That said, if this service fails, the issuing token will expire and all app tokens will also expire. + +#### Setup + +See [setup guide](https://github.com/rancher/secrets-bridge/blob/master/docs/setup.md) #### Pre-reqs: diff --git a/templates/secrets-bridge-server/0/docker-compose.yml b/templates/secrets-bridge-server/0/docker-compose.yml index 2b6b70f..c84983d 100644 --- a/templates/secrets-bridge-server/0/docker-compose.yml +++ b/templates/secrets-bridge-server/0/docker-compose.yml @@ -1,5 +1,5 @@ secrets-bridge: - image: rancher/secrets-bridge:v0.0.3 + image: rancher/secrets-bridge:v0.1.0 environment: CATTLE_ACCESS_KEY: ${CATTLE_ACCESS_KEY} CATTLE_SECRET_KEY: ${CATTLE_SECRET_KEY}