flywithu/community-catalog
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update secrets bridge (#272)

Browse Source
This commit is contained in:
Bill Maxwell 2016-09-09 12:50:52 -07:00 committed by GitHub
parent 855af340f7
commit a00d892288
4 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
templates/secrets-bridge-agents/0/README.md
View File

@ -6,6 +6,10 @@ Only works with Hashicorp Vault server in dev mode currently.
--- ---
#### Description: #### Description:
This is the agent component for the Vault secrets bridge with Rancher. This service will be deployed in the environment running applications that need secrets. This service does not have direct access to Vault, it communicates with the Secrets Bridge server. This is the agent component for the Vault secrets bridge with Rancher. This service will be deployed in the environment running applications that need secrets. This service does not have direct access to Vault, it communicates with the Secrets Bridge server.
#### Setup
See [setup guide](https://github.com/rancher/secrets-bridge/blob/master/docs/setup.md)
#### Pre-reqs: #### Pre-reqs:

2
templates/secrets-bridge-agents/0/docker-compose.yml
View File

@ -1,5 +1,5 @@
secrets-bridge: secrets-bridge:
image: rancher/secrets-bridge:v0.0.3 image: rancher/secrets-bridge:v0.1.0
command: agent --bridge-url ${BRIDGE_URL} command: agent --bridge-url ${BRIDGE_URL}
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock

4
templates/secrets-bridge-server/0/README.md
View File

@ -8,6 +8,10 @@ Only works with Hashicorp Vault server in dev mode currently.
This is the server side component for the Vault Secrets bridge with Rancher. This service should *NOT* be deployed in the same environment as user applications. It will have access to Vault, and compromising it will give the person access to *ALL* secrets available in that environment. It should instead be run in an environment reserved for the team operating Rancher. This is the server side component for the Vault Secrets bridge with Rancher. This service should *NOT* be deployed in the same environment as user applications. It will have access to Vault, and compromising it will give the person access to *ALL* secrets available in that environment. It should instead be run in an environment reserved for the team operating Rancher.
The reason this uses a temporary Cubbyhole token to start the service is that ENV variables do show up in the Rancher API and Docker inspect commands. That said, if this service fails, the issuing token will expire and all app tokens will also expire. The reason this uses a temporary Cubbyhole token to start the service is that ENV variables do show up in the Rancher API and Docker inspect commands. That said, if this service fails, the issuing token will expire and all app tokens will also expire.
#### Setup
See [setup guide](https://github.com/rancher/secrets-bridge/blob/master/docs/setup.md)
#### Pre-reqs: #### Pre-reqs:

2
templates/secrets-bridge-server/0/docker-compose.yml
View File

@ -1,5 +1,5 @@
secrets-bridge: secrets-bridge:
image: rancher/secrets-bridge:v0.0.3 image: rancher/secrets-bridge:v0.1.0
environment: environment:
CATTLE_ACCESS_KEY: ${CATTLE_ACCESS_KEY} CATTLE_ACCESS_KEY: ${CATTLE_ACCESS_KEY}
CATTLE_SECRET_KEY: ${CATTLE_SECRET_KEY} CATTLE_SECRET_KEY: ${CATTLE_SECRET_KEY}