Addition of experimental secrets-bridge (#140)

This is the basic service that enables bootstrapping keys to talk
with Vault.
Bill Maxwell 2016-05-15 21:57:42 -07:00
parent 9b31003fce
commit 0e9fb0bc21
10 changed files with 454 additions and 0 deletions


@ -0,0 +1,16 @@
## Secrets Bridge Agents (Experimental)
---
###Status: Experimental POC (Read: Do NOT use for production)
Only works with Hashicorp Vault server in dev mode currently.
---
#### Description:
This is the agent component for the Vault secrets bridge with Rancher. This service will be deployed in the environment running applications that need secrets. This service does not have direct access to Vault, it communicates with the Secrets Bridge server.
#### Pre-reqs:
An instance of Secrets Bridge server running.
#### Running this app
As services come up, this service will send events to the Secrets Bridge based on Docker start events. The server will (Not currently enforced) verify the signed token with Rancher server and get the launching containers Rancher environment, stack, service and Docker ID. With that information the Secrets Bridge server will check with Vault in the `configPath/environment/stack/service/container_name` for a key called policies. It checks from most specific and recursively looks down to the environment key. It uses the most specific match.


@ -0,0 +1,10 @@
secrets-bridge:
image: rancher/secrets-bridge:v0.0.2
command: agent --bridge-url ${BRIDGE_URL}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
privileged: true
labels:
io.rancher.container.create_agent: true
io.rancher.container.agent.role: agent
io.rancher.scheduler.global: true
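Review bot: `privileged: true` is set on a container that already bind-mounts `/var/run/docker.sock` and is scheduled on every host through `io.rancher.scheduler.global`, so a compromise of this agent means full control of each host in the environment. Nothing visible in this section needs privileged mode on top of the socket. If the agent only subscribes to Docker start events, as the README describes, drop `privileged: true` and keep the mount with a comment such as `# docker.sock gives Docker API access equivalent to root on the host`. The label values are bare YAML booleans, and quoting them (`io.rancher.container.create_agent: 'true'`) keeps them strings for consumers that expect label strings.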


@ -0,0 +1,11 @@
.catalog:
name: "Secrets Bridge Agent"
version: 0.0.1-rancher1
description: |
Agent side of secrets bridge between Rancher and Vault
questions:
- variable: BRIDGE_URL
type: string
label: "Secrets Bridge URL"
required: true
description: "Should be the http(s)://address:port version of the url"
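Review bot: The `BRIDGE_URL` description treats http and https as interchangeable, although per the README in this commit the agent sends container start events, apparently together with a signed token, to this address. Over plain http that traffic can be read or altered on the network path. Outside a local proof of concept the question text should steer operators to TLS, for example `description: "URL of the Secrets Bridge server, https://address:port (http for local testing only)"`.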


@ -0,0 +1,150 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 19.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 283 195" style="enable-background:new 0 0 283 195;" xml:space="preserve">
<style type="text/css">
.st0{fill:#FFFFFF;}
.st1{fill:#00558B;}
.st2{fill:#CCD1D3;}
.st3{fill:#A3ABAF;}
.st4{fill:#3498DB;}
.st5{fill:#2980B9;}
.st6{fill:#E67E22;}
.st7{fill:#D35401;}
.st8{fill:#F1C40F;}
.st9{fill:#E49701;}
.st10{fill:#EADF5A;}
.st11{fill:#D7C320;}
.st12{fill:#34495E;}
.st13{fill:#2C3E50;}
.st14{fill:#2B2B2B;}
.st15{fill:#262626;}
.st16{fill:#3A6F81;}
.st17{fill:#356272;}
.st18{fill:#0075A8;}
.st19{fill:#27AE60;}
.st20{fill:#169242;}
.st21{fill:#A5C63B;}
.st22{fill:#8EB021;}
.st23{fill:#ECF0F1;}
.st24{fill:#BDC3C7;}
.st25{fill:#95A5A6;}
.st26{fill:#7F8C8D;}
.st27{fill:#E74C3C;}
.st28{fill:#C0392B;}
.st29{fill:#F15354;}
.st30{fill:#EA3738;}
.st31{fill:#78C9CF;}
.st32{fill:#389EA8;}
.st33{fill:#2D8490;}
.st34{fill:#1A6470;}
.st35{fill:#21364A;}
.st36{fill:#040B15;}
.st37{fill:#99A3A8;}
.st38{fill:#66767C;}
.st39{fill:#334851;}
.st40{fill:#5C686F;}
.st41{fill:#29373C;}
.st42{fill:#0A141A;}
.st43{fill:none;stroke:#334851;stroke-width:6;stroke-miterlimit:10;}
.st44{fill:none;stroke:#334851;stroke-width:5;stroke-miterlimit:10;}
.st45{fill:none;stroke:#334851;stroke-width:5.5366;stroke-miterlimit:10;}
.st46{fill:none;stroke:#78C9CF;stroke-width:6;stroke-linecap:square;stroke-miterlimit:10;}
.st47{fill:none;stroke:#78C9CF;stroke-width:4;stroke-miterlimit:10;}
.st48{fill:none;stroke:#78C9CF;stroke-width:5;stroke-linecap:square;stroke-miterlimit:10;}
.st49{fill:none;stroke:#78C9CF;stroke-width:6;stroke-miterlimit:10;}
.st50{fill:none;stroke:#ECF0F1;stroke-width:6;stroke-miterlimit:10;}
.st51{fill:none;stroke:#78C9CF;stroke-width:6;stroke-linecap:round;stroke-miterlimit:10;}
.st52{fill:none;stroke:#78C9CF;stroke-width:5;stroke-linecap:round;stroke-miterlimit:10;}
</style>
<rect x="30" class="st31" width="6" height="142"/>
<rect x="55" class="st31" width="6" height="143"/>
<rect x="70" y="49" class="st31" width="4" height="73"/>
<rect x="83" y="65" class="st31" width="4" height="44"/>
<rect x="98" y="75" class="st31" width="4" height="24"/>
<rect x="112" y="82" class="st31" width="4" height="11"/>
<rect x="168" y="82" class="st31" width="4" height="12"/>
<rect x="182" y="73" class="st31" width="4" height="26"/>
<rect x="210" y="48" class="st31" width="4" height="74"/>
<rect x="196" y="65" class="st31" width="4" height="45"/>
<rect x="30" y="8" class="st31" width="30" height="5"/>
<rect x="30" y="32" class="st31" width="30" height="5"/>
<rect x="30" y="55" class="st31" width="30" height="5"/>
<rect x="30" y="78" class="st31" width="30" height="5"/>
<rect x="222" class="st31" width="6" height="143"/>
<rect x="247" class="st31" width="6" height="142"/>
<rect x="222" y="8" class="st31" width="30" height="5"/>
<rect x="222" y="32" class="st31" width="30" height="5"/>
<rect x="222" y="55" class="st31" width="30" height="5"/>
<rect x="222" y="78" class="st31" width="30" height="5"/>
<path class="st31" d="M61.4,144.5l-5.5-2.4C70.8,108,104.5,86,141.7,86c37.1,0,70.8,22,85.8,55.9l-5.5,2.4
c-14-31.8-45.5-52.4-80.3-52.4C106.9,92,75.3,112.6,61.4,144.5z"/>
<path class="st31" d="M141.5,89.5C93.8,89.5,55,50.7,55,3V0h6v3c0,44.4,36.1,80.5,80.5,80.5S222,47.4,222,3V0h6v3
C228,50.7,189.2,89.5,141.5,89.5z"/>
<rect y="139" class="st31" width="283" height="6"/>
<rect y="189" class="st31" width="283" height="6"/>
<g>
<path class="st5" d="M173.4,115.7l-0.7-4.1c-0.2-1.3-0.7-2.4-1.1-2.4c-0.4,0-0.7,1.1-0.7,2.4v1.1c0,1.3-1.1,2.4-2.4,2.4h-1.1
c-0.1,0-0.2,0-0.2,0v3c0.1,0,0.2,0,0.2,0h4.1C172.7,118.1,173.6,117,173.4,115.7"/>
<path class="st5" d="M163.6,112.2H157c-0.1,0-0.1,0-0.2,0h-6.8c-0.1,0-0.2,0-0.2,0v-0.6c0-1.3-0.3-2.4-0.7-2.4
c-0.4,0-0.9,1.1-1.1,2.4l-0.7,4.1c-0.2,1.3,0.7,2.4,2,2.4h4.1c0.4,0,0.8-0.1,1.2-0.2c-0.1,0.7-0.7,1.2-1.5,1.2h-5.7
c-0.9,0-1.6-0.8-1.5-1.7l0.6-3.5c0.2-0.9-0.5-1.7-1.5-1.7h-28.3c-0.6,0-1.1,0.4-1.4,0.9l-5.3,8.1c-0.1,0.1-0.1,0.3,0,0.4l1,1.2
c0.1,0.2,0.4,0.2,0.5,0.1l3.6-2.9v17.4c0,0.8,0.7,1.5,1.5,1.5h8c0.8,0,1.5-0.7,1.5-1.5v-6c0-0.8,0.7-1.5,1.5-1.5h20.1
c0.8,0,1.5,0.7,1.5,1.5v6c0,0.8,0.7,1.5,1.5,1.5h8c0.8,0,1.5-0.7,1.5-1.5v-6.5h-4.3c-1.3,0-2.4-1.1-2.4-2.4v-4.2c0-0.8,0.4-1.5,1-2
v5c0,1.3,1.1,2.4,2.4,2.4h6.6c1.3,0,2.4-1.1,2.4-2.4v-12.7C166.1,113.3,165,112.2,163.6,112.2"/>
</g>
<g>
<path class="st5" d="M66.4,162.9c-0.1,0.2-0.2,0.3-0.3,0.4c-0.1,0.1-0.3,0.1-0.4,0.1c-0.2,0-0.3-0.1-0.5-0.2s-0.4-0.2-0.6-0.3
c-0.2-0.1-0.5-0.2-0.8-0.3c-0.3-0.1-0.6-0.2-1-0.2c-0.7,0-1.2,0.1-1.5,0.4c-0.3,0.3-0.5,0.7-0.5,1.1c0,0.3,0.1,0.6,0.3,0.8
c0.2,0.2,0.5,0.4,0.8,0.5c0.3,0.1,0.7,0.3,1.1,0.4c0.4,0.1,0.8,0.3,1.3,0.4c0.4,0.2,0.8,0.3,1.3,0.5s0.8,0.5,1.1,0.8
c0.3,0.3,0.6,0.7,0.8,1.1s0.3,1,0.3,1.6c0,0.7-0.1,1.4-0.4,2c-0.2,0.6-0.6,1.2-1.1,1.6c-0.5,0.5-1,0.8-1.7,1.1s-1.5,0.4-2.3,0.4
c-0.5,0-1,0-1.5-0.1c-0.5-0.1-1-0.2-1.4-0.4c-0.5-0.2-0.9-0.4-1.3-0.6c-0.4-0.2-0.8-0.5-1.1-0.8l1.1-1.7c0.1-0.1,0.2-0.2,0.3-0.3
c0.1-0.1,0.3-0.1,0.4-0.1c0.2,0,0.4,0.1,0.6,0.2c0.2,0.1,0.5,0.3,0.7,0.4c0.3,0.2,0.6,0.3,0.9,0.4c0.3,0.1,0.8,0.2,1.2,0.2
c0.6,0,1.1-0.1,1.5-0.4s0.5-0.7,0.5-1.3c0-0.4-0.1-0.6-0.3-0.9c-0.2-0.2-0.5-0.4-0.8-0.6c-0.3-0.1-0.7-0.3-1.1-0.4
c-0.4-0.1-0.8-0.2-1.2-0.4c-0.4-0.1-0.8-0.3-1.2-0.5c-0.4-0.2-0.8-0.5-1.1-0.8c-0.3-0.3-0.6-0.7-0.8-1.2c-0.2-0.5-0.3-1.1-0.3-1.8
c0-0.6,0.1-1.1,0.3-1.7c0.2-0.5,0.6-1,1-1.5c0.4-0.4,1-0.8,1.6-1c0.7-0.3,1.4-0.4,2.2-0.4c0.5,0,0.9,0,1.4,0.1
c0.4,0.1,0.9,0.2,1.3,0.3s0.8,0.3,1.1,0.5c0.3,0.2,0.7,0.4,0.9,0.7L66.4,162.9z"/>
<path class="st5" d="M74.2,162.5v3.6H79v2.6h-4.8v3.6h6.3v2.7h-9.8v-15.3h9.8v2.7H74.2z"/>
<path class="st5" d="M93.7,171.1c0.1,0,0.2,0,0.3,0s0.2,0.1,0.2,0.2l1.4,1.5c-0.6,0.8-1.4,1.4-2.3,1.8c-0.9,0.4-2,0.6-3.3,0.6
c-1.2,0-2.2-0.2-3.1-0.6c-0.9-0.4-1.7-0.9-2.3-1.6c-0.6-0.7-1.1-1.5-1.5-2.5c-0.3-1-0.5-2-0.5-3.1c0-1.1,0.2-2.2,0.6-3.1
c0.4-1,0.9-1.8,1.6-2.5c0.7-0.7,1.5-1.2,2.4-1.6c0.9-0.4,2-0.6,3.1-0.6c0.6,0,1.1,0.1,1.6,0.2s1,0.2,1.4,0.4
c0.4,0.2,0.8,0.4,1.2,0.6c0.4,0.3,0.7,0.5,1,0.8l-1.2,1.6c-0.1,0.1-0.2,0.2-0.3,0.3c-0.1,0.1-0.3,0.1-0.4,0.1c-0.1,0-0.2,0-0.4-0.1
c-0.1-0.1-0.2-0.1-0.4-0.2c-0.1-0.1-0.3-0.2-0.4-0.3c-0.2-0.1-0.3-0.2-0.5-0.3c-0.2-0.1-0.4-0.1-0.7-0.2c-0.3-0.1-0.6-0.1-1-0.1
c-0.6,0-1.1,0.1-1.6,0.3c-0.5,0.2-0.9,0.5-1.3,1c-0.4,0.4-0.6,0.9-0.8,1.5s-0.3,1.3-0.3,2.1c0,0.8,0.1,1.5,0.3,2.1
c0.2,0.6,0.5,1.1,0.9,1.5c0.4,0.4,0.8,0.7,1.3,1c0.5,0.2,1,0.3,1.6,0.3c0.3,0,0.6,0,0.9,0c0.3,0,0.5-0.1,0.7-0.2
c0.2-0.1,0.4-0.2,0.7-0.3c0.2-0.1,0.4-0.3,0.6-0.5c0.1-0.1,0.2-0.1,0.3-0.2C93.5,171.1,93.6,171.1,93.7,171.1z"/>
<path class="st5" d="M110.7,175.1h-3.2c-0.6,0-1-0.2-1.3-0.7l-2.5-4.4c-0.1-0.2-0.3-0.3-0.4-0.4c-0.1-0.1-0.4-0.1-0.6-0.1h-0.9v5.7
h-3.5v-15.3h5c1.1,0,2,0.1,2.8,0.3s1.4,0.5,1.9,1s0.9,0.9,1.1,1.4s0.3,1.2,0.3,1.8c0,0.5-0.1,1-0.2,1.4s-0.3,0.8-0.6,1.2
c-0.3,0.4-0.6,0.7-1,1s-0.8,0.5-1.3,0.7c0.2,0.1,0.4,0.3,0.7,0.4s0.4,0.4,0.5,0.6L110.7,175.1z M103.2,167c0.5,0,0.9-0.1,1.2-0.2
c0.3-0.1,0.6-0.3,0.8-0.5c0.2-0.2,0.4-0.5,0.5-0.8c0.1-0.3,0.1-0.6,0.1-0.9c0-0.7-0.2-1.2-0.7-1.6s-1.1-0.6-2-0.6h-1.4v4.5H103.2z"
/>
<path class="st5" d="M116.6,162.5v3.6h4.8v2.6h-4.8v3.6h6.3v2.7H113v-15.3h9.8v2.7H116.6z"/>
<path class="st5" d="M137.1,162.6h-4.3v12.5h-3.5v-12.5H125v-2.8h12.2V162.6z"/>
<path class="st5" d="M150.8,159.8c1.1,0,2,0.1,2.7,0.3c0.7,0.2,1.3,0.5,1.8,0.8c0.5,0.4,0.8,0.8,1,1.3c0.2,0.5,0.3,1.1,0.3,1.7
c0,0.3,0,0.7-0.1,1s-0.3,0.6-0.5,0.9s-0.5,0.5-0.8,0.8c-0.3,0.2-0.7,0.4-1.2,0.6c1,0.2,1.8,0.6,2.2,1.2c0.5,0.5,0.7,1.3,0.7,2.1
c0,0.7-0.1,1.3-0.4,1.8c-0.3,0.6-0.6,1-1.1,1.5c-0.5,0.4-1.1,0.7-1.8,1s-1.5,0.4-2.4,0.4h-6.1v-15.3H150.8z M148.8,162.4v3.8h1.8
c0.4,0,0.7,0,1.1-0.1c0.3-0.1,0.6-0.2,0.8-0.3c0.2-0.1,0.4-0.3,0.5-0.6s0.2-0.6,0.2-0.9c0-0.4,0-0.7-0.1-0.9
c-0.1-0.2-0.2-0.4-0.4-0.6c-0.2-0.1-0.4-0.3-0.7-0.3c-0.3-0.1-0.6-0.1-1-0.1H148.8z M151.3,172.4c0.5,0,0.9-0.1,1.2-0.2
c0.3-0.1,0.5-0.3,0.7-0.5c0.2-0.2,0.3-0.4,0.3-0.6c0.1-0.2,0.1-0.5,0.1-0.7c0-0.3,0-0.5-0.1-0.8c-0.1-0.2-0.2-0.4-0.4-0.6
s-0.4-0.3-0.7-0.4s-0.7-0.1-1.1-0.1h-2.5v3.8H151.3z"/>
<path class="st5" d="M172.8,175.1h-3.2c-0.6,0-1-0.2-1.3-0.7l-2.5-4.4c-0.1-0.2-0.3-0.3-0.4-0.4c-0.1-0.1-0.4-0.1-0.6-0.1h-0.9v5.7
h-3.5v-15.3h5c1.1,0,2,0.1,2.8,0.3s1.4,0.5,1.9,1s0.9,0.9,1.1,1.4s0.3,1.2,0.3,1.8c0,0.5-0.1,1-0.2,1.4s-0.3,0.8-0.6,1.2
c-0.3,0.4-0.6,0.7-1,1s-0.8,0.5-1.3,0.7c0.2,0.1,0.4,0.3,0.7,0.4s0.4,0.4,0.5,0.6L172.8,175.1z M165.3,167c0.5,0,0.9-0.1,1.2-0.2
c0.3-0.1,0.6-0.3,0.8-0.5c0.2-0.2,0.4-0.5,0.5-0.8c0.1-0.3,0.1-0.6,0.1-0.9c0-0.7-0.2-1.2-0.7-1.6s-1.1-0.6-2-0.6h-1.4v4.5H165.3z"
/>
<path class="st5" d="M178.8,175.1h-3.6v-15.3h3.6V175.1z"/>
<path class="st5" d="M196.6,167.4c0,1.1-0.2,2.1-0.6,3.1s-0.9,1.7-1.6,2.4c-0.7,0.7-1.5,1.2-2.5,1.6s-2.1,0.6-3.2,0.6h-5.9v-15.3
h5.9c1.2,0,2.3,0.2,3.2,0.6s1.8,0.9,2.5,1.6c0.7,0.7,1.2,1.5,1.6,2.4S196.6,166.3,196.6,167.4z M193,167.4c0-0.8-0.1-1.4-0.3-2
c-0.2-0.6-0.5-1.1-0.8-1.5c-0.4-0.4-0.8-0.7-1.3-1c-0.5-0.2-1.1-0.3-1.8-0.3h-2.4v9.8h2.4c0.7,0,1.3-0.1,1.8-0.3
c0.5-0.2,1-0.6,1.3-1c0.4-0.4,0.6-0.9,0.8-1.5C192.9,168.9,193,168.2,193,167.4z"/>
<path class="st5" d="M207.1,167.1h5.4v6.5c-0.8,0.6-1.6,1-2.5,1.2c-0.9,0.3-1.8,0.4-2.8,0.4c-1.3,0-2.4-0.2-3.4-0.6
c-1-0.4-1.9-0.9-2.7-1.6c-0.7-0.7-1.3-1.5-1.7-2.5c-0.4-1-0.6-2-0.6-3.1c0-1.1,0.2-2.2,0.6-3.1c0.4-1,0.9-1.8,1.6-2.5
c0.7-0.7,1.6-1.2,2.6-1.6c1-0.4,2.1-0.6,3.3-0.6c0.6,0,1.2,0.1,1.8,0.2c0.6,0.1,1.1,0.2,1.5,0.4c0.5,0.2,0.9,0.4,1.3,0.7
c0.4,0.3,0.7,0.5,1,0.8l-1,1.6c-0.2,0.2-0.4,0.4-0.6,0.5c-0.3,0.1-0.5,0-0.8-0.2c-0.3-0.2-0.5-0.3-0.8-0.4
c-0.2-0.1-0.5-0.2-0.8-0.3c-0.3-0.1-0.5-0.1-0.8-0.2s-0.6-0.1-1-0.1c-0.7,0-1.3,0.1-1.8,0.4c-0.5,0.2-1,0.6-1.4,1
c-0.4,0.4-0.7,0.9-0.9,1.5c-0.2,0.6-0.3,1.3-0.3,2c0,0.8,0.1,1.5,0.3,2.2s0.5,1.2,1,1.6c0.4,0.4,0.9,0.8,1.5,1
c0.6,0.2,1.2,0.3,1.9,0.3c0.4,0,0.8,0,1.2-0.1c0.3-0.1,0.7-0.2,1-0.3v-2.3h-1.5c-0.2,0-0.4-0.1-0.5-0.2c-0.1-0.1-0.2-0.3-0.2-0.5
V167.1z"/>
<path class="st5" d="M219.6,162.5v3.6h4.8v2.6h-4.8v3.6h6.3v2.7H216v-15.3h9.8v2.7H219.6z"/>
</g>
</svg>


@ -0,0 +1,4 @@
name: "Secrets Bridge Agents"
description: "Agent side of bridge between Vault and Rancher"
version: "0.0.1-rancher1"
category: Security


@ -0,0 +1,55 @@
## Secrets Bridge Server (Experimental)
---
###Status: Experimental POC (Read: Do NOT use for production)
Only works with Hashicorp Vault server in dev mode currently.
---
#### Description:
This is the server side component for the Vault Secrets bridge with Rancher. This service should *NOT* be deployed in the same environment as user applications. It will have access to Vault, and compromising it will give the person access to *ALL* secrets available in that environment. It should instead be run in an environment reserved for the team operating Rancher.
The reason this uses a temporary Cubbyhole token to start the service is that ENV variables do show up in the Rancher API and Docker inspect commands.
#### Pre-reqs:
A Vault server in Dev mode.
Create Vault Policies and Roles for at least the Issuing token.
Something like:
```
vault policy-write grantor-Default ./policies/grantor-Default
vault policy-write test1 ./policies/test1
vault policy-write test2 ./policies/test2
```
```
curl -s -X POST -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"allowed_policies": "default,grantor,test1,test2"}' http://vault/v1/auth/token/roles/grantor-Default
```
#### Configure and Launch:
1. Create a token to be used to issue new tokens in the environment. As part of the "meta" on the token add a field called `configPath` and set that equal to a path in the secrets folder in Vault. (like `/secrets/secrets-bridge/Default`)
```
curl -s -X POST -H "X-Vault-Token: $ROOT_TOKEN" ${VAULT_URL}/v1/auth/token/create/grantor-Default -d '{"policies": ["default", "grantor", "test1", "test2"], "ttl": "72h", "meta": {"configPath": "secret/secrets-bridge/Default"}}' | jq -r '.auth.client_token'
```
2. Create a temporary token with (2) uses.
```
curl -s -H "X-Vault-Token: $ROOT_TOKEN" ${VAULT_URL}/v1/auth/token/create -d '{"policies": ["default"], "ttl": "15m", "num_uses": 2}'|jq -r '.auth.client_token'
```
3. Use the temporary token to put the issuing token into the Vault cubbyhole.
```
curl -X POST -H "X-Vault-Token: ${TEMP_TOKEN}" ${VAULT_URL}/v1/cubbyhole/Default -d "{\"permKey\": \"${PERM_TOKEN}\"}"
```
4. Create Cattle API keys for the environment this server will be handling. (Would recommend 1 server per environment)
5. Launch this app with all of the configs.


@ -0,0 +1,18 @@
secrets-bridge:
image: rancher/secrets-bridge:v0.0.2
environment:
CATTLE_ACCESS_KEY: ${CATTLE_ACCESS_KEY}
CATTLE_SECRET_KEY: ${CATTLE_SECRET_KEY}
CATTLE_URL: ${CATTLE_URL}
VAULT_TOKEN: ${VAULT_TOKEN}
VAULT_CUBBYPATH: ${VAULT_CUBBYPATH}
command:
- server
- --vault-url
- ${VAULT_URL}
- --rancher-url
- $CATTLE_URL
- --rancher-secret
- ${CATTLE_SECRET_KEY}
- --rancher-access
- ${CATTLE_ACCESS_KEY}
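Review bot: `--rancher-secret ${CATTLE_SECRET_KEY}` puts the Cattle secret key on the container command line, where it is readable through `docker inspect` and the host process list, and the same value is also exported under `environment`. The README in this commit notes that ENV variables show up in the Rancher API and Docker inspect, which is why Vault access goes through a temporary Cubbyhole token, but the Cattle key gets no comparable protection here. If the server binary reads `CATTLE_ACCESS_KEY` and `CATTLE_SECRET_KEY` from the environment (not visible in this commit), drop the `--rancher-secret` and `--rancher-access` arguments so the key is exposed in one place rather than two, and scope the API key to the single environment this server handles. As a style point, `$CATTLE_URL` differs in form from the other `${...}` references in the same list.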


@ -0,0 +1,36 @@
.catalog:
name: "Secrets Bridge Server"
version: 0.0.1-rancher1
description: |
Server side secrets bridge between Rancher and Vault
questions:
- variable: CATTLE_URL
type: string
label: "Cattle URL"
required: true
description: "URL to the Cattle Project this service is managing"
- variable: CATTLE_ACCESS_KEY
type: string
label: "Cattle Access Key"
required: true
description: "Cattle Access API Key"
- variable: CATTLE_SECRET_KEY
type: password
label: "Cattle Secret Key"
required: true
description: "Cattle Secret API Key"
- variable: VAULT_TOKEN
type: password
label: "Vault Temp Token"
required: true
description: "Temporary Token to Access Vault Cubbyhole"
- variable: VAULT_URL
type: string
label: "URL to Vault server"
required: true
description: "URL to the Vault server"
- variable: VAULT_CUBBYPATH
type: string
label: "Vault Cubbyhole Path"
required: true
description: "Path to get the permenant API key"
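Review bot: The `VAULT_TOKEN` question does not tell the operator that the value must be the short-lived, limited-use token from README step 2, so a long-lived or root token could be pasted into a field that ends up in the container environment. A description such as `description: "Temporary, limited-use token (short TTL) used only to read the Vault Cubbyhole"` makes that expectation explicit. The `VAULT_CUBBYPATH` description also has a typo and should read `description: "Path to get the permanent API key"`.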


@ -0,0 +1,150 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 19.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 283 195" style="enable-background:new 0 0 283 195;" xml:space="preserve">
<style type="text/css">
.st0{fill:#FFFFFF;}
.st1{fill:#00558B;}
.st2{fill:#CCD1D3;}
.st3{fill:#A3ABAF;}
.st4{fill:#3498DB;}
.st5{fill:#2980B9;}
.st6{fill:#E67E22;}
.st7{fill:#D35401;}
.st8{fill:#F1C40F;}
.st9{fill:#E49701;}
.st10{fill:#EADF5A;}
.st11{fill:#D7C320;}
.st12{fill:#34495E;}
.st13{fill:#2C3E50;}
.st14{fill:#2B2B2B;}
.st15{fill:#262626;}
.st16{fill:#3A6F81;}
.st17{fill:#356272;}
.st18{fill:#0075A8;}
.st19{fill:#27AE60;}
.st20{fill:#169242;}
.st21{fill:#A5C63B;}
.st22{fill:#8EB021;}
.st23{fill:#ECF0F1;}
.st24{fill:#BDC3C7;}
.st25{fill:#95A5A6;}
.st26{fill:#7F8C8D;}
.st27{fill:#E74C3C;}
.st28{fill:#C0392B;}
.st29{fill:#F15354;}
.st30{fill:#EA3738;}
.st31{fill:#78C9CF;}
.st32{fill:#389EA8;}
.st33{fill:#2D8490;}
.st34{fill:#1A6470;}
.st35{fill:#21364A;}
.st36{fill:#040B15;}
.st37{fill:#99A3A8;}
.st38{fill:#66767C;}
.st39{fill:#334851;}
.st40{fill:#5C686F;}
.st41{fill:#29373C;}
.st42{fill:#0A141A;}
.st43{fill:none;stroke:#334851;stroke-width:6;stroke-miterlimit:10;}
.st44{fill:none;stroke:#334851;stroke-width:5;stroke-miterlimit:10;}
.st45{fill:none;stroke:#334851;stroke-width:5.5366;stroke-miterlimit:10;}
.st46{fill:none;stroke:#78C9CF;stroke-width:6;stroke-linecap:square;stroke-miterlimit:10;}
.st47{fill:none;stroke:#78C9CF;stroke-width:4;stroke-miterlimit:10;}
.st48{fill:none;stroke:#78C9CF;stroke-width:5;stroke-linecap:square;stroke-miterlimit:10;}
.st49{fill:none;stroke:#78C9CF;stroke-width:6;stroke-miterlimit:10;}
.st50{fill:none;stroke:#ECF0F1;stroke-width:6;stroke-miterlimit:10;}
.st51{fill:none;stroke:#78C9CF;stroke-width:6;stroke-linecap:round;stroke-miterlimit:10;}
.st52{fill:none;stroke:#78C9CF;stroke-width:5;stroke-linecap:round;stroke-miterlimit:10;}
</style>
<rect x="30" class="st31" width="6" height="142"/>
<rect x="55" class="st31" width="6" height="143"/>
<rect x="70" y="49" class="st31" width="4" height="73"/>
<rect x="83" y="65" class="st31" width="4" height="44"/>
<rect x="98" y="75" class="st31" width="4" height="24"/>
<rect x="112" y="82" class="st31" width="4" height="11"/>
<rect x="168" y="82" class="st31" width="4" height="12"/>
<rect x="182" y="73" class="st31" width="4" height="26"/>
<rect x="210" y="48" class="st31" width="4" height="74"/>
<rect x="196" y="65" class="st31" width="4" height="45"/>
<rect x="30" y="8" class="st31" width="30" height="5"/>
<rect x="30" y="32" class="st31" width="30" height="5"/>
<rect x="30" y="55" class="st31" width="30" height="5"/>
<rect x="30" y="78" class="st31" width="30" height="5"/>
<rect x="222" class="st31" width="6" height="143"/>
<rect x="247" class="st31" width="6" height="142"/>
<rect x="222" y="8" class="st31" width="30" height="5"/>
<rect x="222" y="32" class="st31" width="30" height="5"/>
<rect x="222" y="55" class="st31" width="30" height="5"/>
<rect x="222" y="78" class="st31" width="30" height="5"/>
<path class="st31" d="M61.4,144.5l-5.5-2.4C70.8,108,104.5,86,141.7,86c37.1,0,70.8,22,85.8,55.9l-5.5,2.4
c-14-31.8-45.5-52.4-80.3-52.4C106.9,92,75.3,112.6,61.4,144.5z"/>
<path class="st31" d="M141.5,89.5C93.8,89.5,55,50.7,55,3V0h6v3c0,44.4,36.1,80.5,80.5,80.5S222,47.4,222,3V0h6v3
C228,50.7,189.2,89.5,141.5,89.5z"/>
<rect y="139" class="st31" width="283" height="6"/>
<rect y="189" class="st31" width="283" height="6"/>
<g>
<path class="st5" d="M173.4,115.7l-0.7-4.1c-0.2-1.3-0.7-2.4-1.1-2.4c-0.4,0-0.7,1.1-0.7,2.4v1.1c0,1.3-1.1,2.4-2.4,2.4h-1.1
c-0.1,0-0.2,0-0.2,0v3c0.1,0,0.2,0,0.2,0h4.1C172.7,118.1,173.6,117,173.4,115.7"/>
<path class="st5" d="M163.6,112.2H157c-0.1,0-0.1,0-0.2,0h-6.8c-0.1,0-0.2,0-0.2,0v-0.6c0-1.3-0.3-2.4-0.7-2.4
c-0.4,0-0.9,1.1-1.1,2.4l-0.7,4.1c-0.2,1.3,0.7,2.4,2,2.4h4.1c0.4,0,0.8-0.1,1.2-0.2c-0.1,0.7-0.7,1.2-1.5,1.2h-5.7
c-0.9,0-1.6-0.8-1.5-1.7l0.6-3.5c0.2-0.9-0.5-1.7-1.5-1.7h-28.3c-0.6,0-1.1,0.4-1.4,0.9l-5.3,8.1c-0.1,0.1-0.1,0.3,0,0.4l1,1.2
c0.1,0.2,0.4,0.2,0.5,0.1l3.6-2.9v17.4c0,0.8,0.7,1.5,1.5,1.5h8c0.8,0,1.5-0.7,1.5-1.5v-6c0-0.8,0.7-1.5,1.5-1.5h20.1
c0.8,0,1.5,0.7,1.5,1.5v6c0,0.8,0.7,1.5,1.5,1.5h8c0.8,0,1.5-0.7,1.5-1.5v-6.5h-4.3c-1.3,0-2.4-1.1-2.4-2.4v-4.2c0-0.8,0.4-1.5,1-2
v5c0,1.3,1.1,2.4,2.4,2.4h6.6c1.3,0,2.4-1.1,2.4-2.4v-12.7C166.1,113.3,165,112.2,163.6,112.2"/>
</g>
<g>
<path class="st5" d="M66.4,162.9c-0.1,0.2-0.2,0.3-0.3,0.4c-0.1,0.1-0.3,0.1-0.4,0.1c-0.2,0-0.3-0.1-0.5-0.2s-0.4-0.2-0.6-0.3
c-0.2-0.1-0.5-0.2-0.8-0.3c-0.3-0.1-0.6-0.2-1-0.2c-0.7,0-1.2,0.1-1.5,0.4c-0.3,0.3-0.5,0.7-0.5,1.1c0,0.3,0.1,0.6,0.3,0.8
c0.2,0.2,0.5,0.4,0.8,0.5c0.3,0.1,0.7,0.3,1.1,0.4c0.4,0.1,0.8,0.3,1.3,0.4c0.4,0.2,0.8,0.3,1.3,0.5s0.8,0.5,1.1,0.8
c0.3,0.3,0.6,0.7,0.8,1.1s0.3,1,0.3,1.6c0,0.7-0.1,1.4-0.4,2c-0.2,0.6-0.6,1.2-1.1,1.6c-0.5,0.5-1,0.8-1.7,1.1s-1.5,0.4-2.3,0.4
c-0.5,0-1,0-1.5-0.1c-0.5-0.1-1-0.2-1.4-0.4c-0.5-0.2-0.9-0.4-1.3-0.6c-0.4-0.2-0.8-0.5-1.1-0.8l1.1-1.7c0.1-0.1,0.2-0.2,0.3-0.3
c0.1-0.1,0.3-0.1,0.4-0.1c0.2,0,0.4,0.1,0.6,0.2c0.2,0.1,0.5,0.3,0.7,0.4c0.3,0.2,0.6,0.3,0.9,0.4c0.3,0.1,0.8,0.2,1.2,0.2
c0.6,0,1.1-0.1,1.5-0.4s0.5-0.7,0.5-1.3c0-0.4-0.1-0.6-0.3-0.9c-0.2-0.2-0.5-0.4-0.8-0.6c-0.3-0.1-0.7-0.3-1.1-0.4
c-0.4-0.1-0.8-0.2-1.2-0.4c-0.4-0.1-0.8-0.3-1.2-0.5c-0.4-0.2-0.8-0.5-1.1-0.8c-0.3-0.3-0.6-0.7-0.8-1.2c-0.2-0.5-0.3-1.1-0.3-1.8
c0-0.6,0.1-1.1,0.3-1.7c0.2-0.5,0.6-1,1-1.5c0.4-0.4,1-0.8,1.6-1c0.7-0.3,1.4-0.4,2.2-0.4c0.5,0,0.9,0,1.4,0.1
c0.4,0.1,0.9,0.2,1.3,0.3s0.8,0.3,1.1,0.5c0.3,0.2,0.7,0.4,0.9,0.7L66.4,162.9z"/>
<path class="st5" d="M74.2,162.5v3.6H79v2.6h-4.8v3.6h6.3v2.7h-9.8v-15.3h9.8v2.7H74.2z"/>
<path class="st5" d="M93.7,171.1c0.1,0,0.2,0,0.3,0s0.2,0.1,0.2,0.2l1.4,1.5c-0.6,0.8-1.4,1.4-2.3,1.8c-0.9,0.4-2,0.6-3.3,0.6
c-1.2,0-2.2-0.2-3.1-0.6c-0.9-0.4-1.7-0.9-2.3-1.6c-0.6-0.7-1.1-1.5-1.5-2.5c-0.3-1-0.5-2-0.5-3.1c0-1.1,0.2-2.2,0.6-3.1
c0.4-1,0.9-1.8,1.6-2.5c0.7-0.7,1.5-1.2,2.4-1.6c0.9-0.4,2-0.6,3.1-0.6c0.6,0,1.1,0.1,1.6,0.2s1,0.2,1.4,0.4
c0.4,0.2,0.8,0.4,1.2,0.6c0.4,0.3,0.7,0.5,1,0.8l-1.2,1.6c-0.1,0.1-0.2,0.2-0.3,0.3c-0.1,0.1-0.3,0.1-0.4,0.1c-0.1,0-0.2,0-0.4-0.1
c-0.1-0.1-0.2-0.1-0.4-0.2c-0.1-0.1-0.3-0.2-0.4-0.3c-0.2-0.1-0.3-0.2-0.5-0.3c-0.2-0.1-0.4-0.1-0.7-0.2c-0.3-0.1-0.6-0.1-1-0.1
c-0.6,0-1.1,0.1-1.6,0.3c-0.5,0.2-0.9,0.5-1.3,1c-0.4,0.4-0.6,0.9-0.8,1.5s-0.3,1.3-0.3,2.1c0,0.8,0.1,1.5,0.3,2.1
c0.2,0.6,0.5,1.1,0.9,1.5c0.4,0.4,0.8,0.7,1.3,1c0.5,0.2,1,0.3,1.6,0.3c0.3,0,0.6,0,0.9,0c0.3,0,0.5-0.1,0.7-0.2
c0.2-0.1,0.4-0.2,0.7-0.3c0.2-0.1,0.4-0.3,0.6-0.5c0.1-0.1,0.2-0.1,0.3-0.2C93.5,171.1,93.6,171.1,93.7,171.1z"/>
<path class="st5" d="M110.7,175.1h-3.2c-0.6,0-1-0.2-1.3-0.7l-2.5-4.4c-0.1-0.2-0.3-0.3-0.4-0.4c-0.1-0.1-0.4-0.1-0.6-0.1h-0.9v5.7
h-3.5v-15.3h5c1.1,0,2,0.1,2.8,0.3s1.4,0.5,1.9,1s0.9,0.9,1.1,1.4s0.3,1.2,0.3,1.8c0,0.5-0.1,1-0.2,1.4s-0.3,0.8-0.6,1.2
c-0.3,0.4-0.6,0.7-1,1s-0.8,0.5-1.3,0.7c0.2,0.1,0.4,0.3,0.7,0.4s0.4,0.4,0.5,0.6L110.7,175.1z M103.2,167c0.5,0,0.9-0.1,1.2-0.2
c0.3-0.1,0.6-0.3,0.8-0.5c0.2-0.2,0.4-0.5,0.5-0.8c0.1-0.3,0.1-0.6,0.1-0.9c0-0.7-0.2-1.2-0.7-1.6s-1.1-0.6-2-0.6h-1.4v4.5H103.2z"
/>
<path class="st5" d="M116.6,162.5v3.6h4.8v2.6h-4.8v3.6h6.3v2.7H113v-15.3h9.8v2.7H116.6z"/>
<path class="st5" d="M137.1,162.6h-4.3v12.5h-3.5v-12.5H125v-2.8h12.2V162.6z"/>
<path class="st5" d="M150.8,159.8c1.1,0,2,0.1,2.7,0.3c0.7,0.2,1.3,0.5,1.8,0.8c0.5,0.4,0.8,0.8,1,1.3c0.2,0.5,0.3,1.1,0.3,1.7
c0,0.3,0,0.7-0.1,1s-0.3,0.6-0.5,0.9s-0.5,0.5-0.8,0.8c-0.3,0.2-0.7,0.4-1.2,0.6c1,0.2,1.8,0.6,2.2,1.2c0.5,0.5,0.7,1.3,0.7,2.1
c0,0.7-0.1,1.3-0.4,1.8c-0.3,0.6-0.6,1-1.1,1.5c-0.5,0.4-1.1,0.7-1.8,1s-1.5,0.4-2.4,0.4h-6.1v-15.3H150.8z M148.8,162.4v3.8h1.8
c0.4,0,0.7,0,1.1-0.1c0.3-0.1,0.6-0.2,0.8-0.3c0.2-0.1,0.4-0.3,0.5-0.6s0.2-0.6,0.2-0.9c0-0.4,0-0.7-0.1-0.9
c-0.1-0.2-0.2-0.4-0.4-0.6c-0.2-0.1-0.4-0.3-0.7-0.3c-0.3-0.1-0.6-0.1-1-0.1H148.8z M151.3,172.4c0.5,0,0.9-0.1,1.2-0.2
c0.3-0.1,0.5-0.3,0.7-0.5c0.2-0.2,0.3-0.4,0.3-0.6c0.1-0.2,0.1-0.5,0.1-0.7c0-0.3,0-0.5-0.1-0.8c-0.1-0.2-0.2-0.4-0.4-0.6
s-0.4-0.3-0.7-0.4s-0.7-0.1-1.1-0.1h-2.5v3.8H151.3z"/>
<path class="st5" d="M172.8,175.1h-3.2c-0.6,0-1-0.2-1.3-0.7l-2.5-4.4c-0.1-0.2-0.3-0.3-0.4-0.4c-0.1-0.1-0.4-0.1-0.6-0.1h-0.9v5.7
h-3.5v-15.3h5c1.1,0,2,0.1,2.8,0.3s1.4,0.5,1.9,1s0.9,0.9,1.1,1.4s0.3,1.2,0.3,1.8c0,0.5-0.1,1-0.2,1.4s-0.3,0.8-0.6,1.2
c-0.3,0.4-0.6,0.7-1,1s-0.8,0.5-1.3,0.7c0.2,0.1,0.4,0.3,0.7,0.4s0.4,0.4,0.5,0.6L172.8,175.1z M165.3,167c0.5,0,0.9-0.1,1.2-0.2
c0.3-0.1,0.6-0.3,0.8-0.5c0.2-0.2,0.4-0.5,0.5-0.8c0.1-0.3,0.1-0.6,0.1-0.9c0-0.7-0.2-1.2-0.7-1.6s-1.1-0.6-2-0.6h-1.4v4.5H165.3z"
/>
<path class="st5" d="M178.8,175.1h-3.6v-15.3h3.6V175.1z"/>
<path class="st5" d="M196.6,167.4c0,1.1-0.2,2.1-0.6,3.1s-0.9,1.7-1.6,2.4c-0.7,0.7-1.5,1.2-2.5,1.6s-2.1,0.6-3.2,0.6h-5.9v-15.3
h5.9c1.2,0,2.3,0.2,3.2,0.6s1.8,0.9,2.5,1.6c0.7,0.7,1.2,1.5,1.6,2.4S196.6,166.3,196.6,167.4z M193,167.4c0-0.8-0.1-1.4-0.3-2
c-0.2-0.6-0.5-1.1-0.8-1.5c-0.4-0.4-0.8-0.7-1.3-1c-0.5-0.2-1.1-0.3-1.8-0.3h-2.4v9.8h2.4c0.7,0,1.3-0.1,1.8-0.3
c0.5-0.2,1-0.6,1.3-1c0.4-0.4,0.6-0.9,0.8-1.5C192.9,168.9,193,168.2,193,167.4z"/>
<path class="st5" d="M207.1,167.1h5.4v6.5c-0.8,0.6-1.6,1-2.5,1.2c-0.9,0.3-1.8,0.4-2.8,0.4c-1.3,0-2.4-0.2-3.4-0.6
c-1-0.4-1.9-0.9-2.7-1.6c-0.7-0.7-1.3-1.5-1.7-2.5c-0.4-1-0.6-2-0.6-3.1c0-1.1,0.2-2.2,0.6-3.1c0.4-1,0.9-1.8,1.6-2.5
c0.7-0.7,1.6-1.2,2.6-1.6c1-0.4,2.1-0.6,3.3-0.6c0.6,0,1.2,0.1,1.8,0.2c0.6,0.1,1.1,0.2,1.5,0.4c0.5,0.2,0.9,0.4,1.3,0.7
c0.4,0.3,0.7,0.5,1,0.8l-1,1.6c-0.2,0.2-0.4,0.4-0.6,0.5c-0.3,0.1-0.5,0-0.8-0.2c-0.3-0.2-0.5-0.3-0.8-0.4
c-0.2-0.1-0.5-0.2-0.8-0.3c-0.3-0.1-0.5-0.1-0.8-0.2s-0.6-0.1-1-0.1c-0.7,0-1.3,0.1-1.8,0.4c-0.5,0.2-1,0.6-1.4,1
c-0.4,0.4-0.7,0.9-0.9,1.5c-0.2,0.6-0.3,1.3-0.3,2c0,0.8,0.1,1.5,0.3,2.2s0.5,1.2,1,1.6c0.4,0.4,0.9,0.8,1.5,1
c0.6,0.2,1.2,0.3,1.9,0.3c0.4,0,0.8,0,1.2-0.1c0.3-0.1,0.7-0.2,1-0.3v-2.3h-1.5c-0.2,0-0.4-0.1-0.5-0.2c-0.1-0.1-0.2-0.3-0.2-0.5
V167.1z"/>
<path class="st5" d="M219.6,162.5v3.6h4.8v2.6h-4.8v3.6h6.3v2.7H216v-15.3h9.8v2.7H219.6z"/>
</g>
</svg>


@ -0,0 +1,4 @@
name: "Secrets Bridge"
description: "Server side of bridge between Vault and Rancher"
version: "0.0.1-rancher1"
category: Security