Utility for obtaining database credentials from Consul and Vault.
Download and install using go get:
go get -u github.com/romantomjak/knock-knock
or grab a binary from releases section!
Configuration by default is read from ~/.knock-knock.conf
. It is based on the INI file format which is rendered by Go template.
[myservice]
host = {{ key "services/myservice/db/host" }}
port = 5432
username = {{ with secret "secret/services/myservice/db" }}{{ .Data.username }}{{ end }}
password = {{ with secret "secret/services/myservice/db" }}{{ .Data.password }}{{ end }}
dbname = {{ key "services/myservice/db/database" }}
Sections are your service names. They appear on a line by itself, in square
brackets ([ and ]). key
retrieves values from Consul and likewise secret
is for retrieving secrets from Vault.
knock-knock supports configuration section autocomplete. Autocomplete can be installed or uninstalled by running the following on bash or zsh shells:
knock-knock -autocomplete-install
knock-knock -autocomplete-uninstall
Version 2 of the K/V backend can retain a configurable number of versions for each key. Here's how to access a versioned secret value:
password = {{ with secret "secret/services/myservice/db" }}{{ .Data.data.password }}{{ end }}
Note the nested .Data.data
syntax when referencing the secret value. For more
information about using the K/V v2 backend, see the Vault Documentation.
Running the application requires you to specify a service name from the configuration file:
export VAULT_AUTH_GITHUB_TOKEN=<mygithubtoken>
export VAULT_ADDR=http://127.0.0.1:8200
export CONSUL_HTTP_ADDR=127.0.0.1:8500
$ knock-knock myservice
host = myexampledb.a1b2c3d4wxyz.us-west-2.rds.amazonaws.com
port = 5432
username = awsuser
password = awssecretpassword
dbname = awsdatabase
Magic! ✨
You can contribute in many ways and not just by changing the code! If you have any ideas, just open an issue and tell me what you think.
Contributing code-wise - please fork the repository and submit a pull request.
Logo made by Ely Wahib from http://wahib.me
MIT