Load values from files if the file exist
mitar opened this issue · comments
So I am thinking about managing secrets. One way to manage them is to have them stored to a file and then program reads it from a file. I am thinking that it would be nice if Kong supported first-class support for that pattern. So like there is env
which can be read for a value, it could also be file
pointing to a file path. And if that file path exists, the value is read from the file (and of course values could be tried in order, like first file, then env, then config, then CLI, I am not sure what is current order, but file would be in there somewhere).
Some thoughts:
- Probably file path should be relative to some directory. Maybe
file
should be only a filename and then directory should be provided in some other way (maybe through Kong var or by having another flag which tells the directory, like the config flag currently loads config). - With secrets it is also useful to be able to rotate them. So that contents of a file is updated, and then app is signaled to re-read values from the file. So it would be useful if there was a way to tell Kong to re-read the config. Not sure if that is currently supported? But probably one can simply another instance of Kong and this is it?
Is FileContentFlag what you want?
To your second point, Kong doesn't support dynamic config. It's crossed my mind a few times, but I think it is outside the scope of Kong. That said, I think you could make it work with a mapper of some sort.
Is FileContentFlag what you want?
No. I would want something like:
Secret string `env:"SECRET" file:"secret.txt" help:"Secret to use." required:""`
And then if SECRET
environment variable is present, that value is used, if secret.txt
file exists, it is read and that is used, or if --secret
CLI argument is passed, then that is used.
FileContentFlag
allows me to load secret only from the file. But not to have it optionally load from the file.
Closest I have found is this example of using env-file. In this case it kinda works like above: if the file contains SECRET
environment variable, it is pre-set before Kong tryies to read SECRET
environment variable. So it is kinda like that.
To your second point, Kong doesn't support dynamic config. It's crossed my mind a few times, but I think it is outside the scope of Kong.
I think it might be easier to do simply do parser, err := kong.New(updatedConfig, ...)
and ctx, err := parser.Parse(os.Args[1:])
again, and then diff updatedConfig
with oldConfig
and see if anything changed. I think Kong does not do anything destructive while doing parser.Parse
so one can call it multiple times (with new kong
instance).
I think that calling parser.Parse
multiple times on the same kong
instance probably does not work, nor it is probably safe to directly update existing oldConfig
struct because you might get data races (if some other goroutine is reading from it at the same time you are updating config).