slaskis / secure-environment

Utility for handling encrypted secrets


secure-environment - A loader for secure environments

Forked from virtru/secure-environment.

Introduction

This tool is intended to be used at the startup of a Docker container to securely fetch and decrypt environment variables stored in S3 and encrypted with a KMS key.

How it works

The secure-environment exec command acts as the entrypoint for the Docker container and includes the decrypted variables in the environment of the command it runs.

Setting up the Docker container

To use this with Convox, you need to set the label convox.environment.secure=true on the services you intend to secure.

The latest Linux binary of the secure-environment executable should be copied into your Docker image at the following location:

COPY secure-environment /usr/sbin/secure-environment

Finally, you need to set the ENTRYPOINT on your Dockerfile to this:

ENTRYPOINT ["/usr/sbin/secure-environment", "exec", "--"]

See https://github.com/convox-examples/secure-env-example for example usage.
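The entrypoint pattern described above, as an added Go sketch that is not the project's own code: everything after `--` is treated as the command, the secrets are merged into the inherited environment, and the wrapper replaces itself with the command. The S3 fetch and KMS decrypt are left out; `mergeEnv`, `commandAfterDashes`, the rule that a secret overrides an inherited variable, and the `DB_PASSWORD` sample are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
	"syscall"
)

// mergeEnv applies secrets on top of base, dropping any inherited variable a secret replaces.
func mergeEnv(base []string, secrets map[string]string) []string {
	merged := []string{}
	for _, kv := range base {
		k, _, _ := strings.Cut(kv, "=")
		if _, shadowed := secrets[k]; !shadowed {
			merged = append(merged, kv)
		}
	}
	for k, v := range secrets {
		merged = append(merged, k+"="+v)
	}
	return merged
}

// commandAfterDashes returns the argv that follows the first "--", or nil.
func commandAfterDashes(args []string) []string {
	for i, a := range args {
		if a == "--" && i+1 < len(args) {
			return args[i+1:]
		}
	}
	return nil
}

func main() {
	secrets := map[string]string{"DB_PASSWORD": "example-only"} // constructed sample
	argv := commandAfterDashes(os.Args)
	if argv == nil {
		os.Exit(2)
	}
	path, err := exec.LookPath(argv[0])
	if err == nil {
		// Replace this process so the command keeps the PID and gets signals directly.
		err = syscall.Exec(path, argv, mergeEnv(os.Environ(), secrets))
	}
	fmt.Fprintln(os.Stderr, err) // reached only if lookup or exec failed
	os.Exit(126)
}
```

Because the secrets are passed only in the exec'd process's environment, they are never written to the image or to a file in the container.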


License: Apache License 2.0


Languages: Go 98.1%, Makefile 1.1%, Shell 0.8%