Add support for rendering templates #52
Comments
According to Secrets: Best Practices (moby/moby#13490), Environment Variables are discouraged because:
- Accessible by any process in the container, thus easily "leaked"
- Preserved in intermediate layers of an image, and visible in docker inspect
- Shared with any container linked to the container
So providing a way to fill a template with secrets (much like consul-template, https://github.com/hashicorp/consul-template) sounds like a wise addition.
However, the use of environment variables described in that document is not the same as what Summon does. That document describes the use of the Dockerfile ENV directive. Using Summon is not subject to any of those vulnerabilities.
Summon is not subject to these issues because the secrets are placed in an environment that is internal to the container. The article is referring to the Docker ENV directive.
On Tue, Dec 26, 2017 at 7:48 PM Anthony Whitford wrote:
> According to Secrets: Best Practices <moby/moby#13490>, *Environment Variables are discouraged* because:
> - Accessible by any process in the container, thus easily "leaked"
> - Preserved in intermediate layers of an image, and visible in docker inspect
> - Shared with any container linked to the container
> So providing a way to fill a template with secrets (much like consul-template <https://github.com/hashicorp/consul-template>) sounds like a wise addition.
So the interface might look like this?
If we had a
The template file might be a go template:
Does that look about right?
Many software packages read secrets from configuration files and would have to be modified to source them from the environment instead. This makes it cumbersome to use them with summon; the usual solution is to write a wrapper script which seds the secrets into place before handing off to the target command, and to use summon to call that script instead.
Not only is this inconvenient, but it also risks introducing security problems: the script author needs to remember to clean up the files afterwards, give them correct permissions to limit exposure, etc. This would be much better handled by summon itself, at the small cost of not being agnostic about the templating engine.
I thus propose to design and implement functionality in summon that would allow using file templates into which the secrets would get substituted. The templates would be rendered into temporary files as with !file entries currently, to be cleaned up after exiting; additionally these temp files could be symlinked into a required place before calling the target process so that the target can find them (on the assumption that it cannot use environment variables for that), or alternatively we could provide a mechanism to substitute the temp file path into the command line. Note this functionality would replace the obsolete conjur env command of https://github.com/cyberark/conjur-cli.