Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
influxdb/vault
History
Mark Rushakoff d73d73c0d4 chore: rename imports from platform to influxdb 
I did this with a dumb editor macro, so some comments changed too.

Also rename root package from platform to influxdb.

In interest of minimizing risk, anyone importing the root package has
now aliased it to "platform" so that no changes beyond imports were
necessary in those files.

Lastly, replace the old platform module to local path /dev/null so that
nobody can accidentally reintroduce a platform dependency while
migrating platform code to influxdb.
 		2019-01-09 20:51:47 -08:00
..
README.md chore(platform): cleanup, document, and use secret service 2018-12-28 11:11:21 -05:00
secret.go chore: rename imports from platform to influxdb 2019-01-09 20:51:47 -08:00
secret_test.go chore: rename imports from platform to influxdb 2019-01-09 20:51:47 -08:00

README.md

Vault Secret Service

This package implements platform.SecretService using vault.

Key layout

All secrets are stored in vault as key value pairs that can be found under the key /secret/data/:orgID.

For example

/secret/data/031c8cbefe101000 ->
  github_api_key: foo
  some_other_key: bar
  a_secret: key

Configuration

When a new secret service is instatiated with vault.NewSecretService() we read the environment for the standard vault environment variables.

It is expected that the vault provided is unsealed and that the VAULT_TOKEN has sufficient privileges to access the key space described above.

Test/Dev

The vault secret service may be used by starting a vault server

vault server -dev

VAULT_ADDR='<vault address>' VAULT_TOKEN='<vault token>' influxd --secret-store vault

Once the vault and influxdb servers have been started and initialized, you may test the service by executing the following:

curl --request GET \
  --url http://localhost:9999/api/v2/orgs/<org id>/secrets \
  --header 'authorization: Token <authorization token>

# should return
#
#  {
#    "links": {
#      "org": "/api/v2/orgs/031c8cbefe101000",
#      "secrets": "/api/v2/orgs/031c8cbefe101000/secrets"
#    },
#    "secrets": []
#  }

curl --request PATCH \
  --url http://localhost:9999/api/v2/orgs/<org id>/secrets \
  --header 'authorization: Token <authorization token> \
  --header 'content-type: application/json' \
  --data '{
	"foo": "bar",
	"hello": "world"
}'

# should return 204 no content

curl --request GET \
  --url http://localhost:9999/api/v2/orgs/<org id>/secrets \
  --header 'authorization: Token <authorization token>

# should return
#
#  {
#    "links": {
#      "org": "/api/v2/orgs/031c8cbefe101000",
#      "secrets": "/api/v2/orgs/031c8cbefe101000/secrets"
#    },
#    "secrets": [
#      "foo",
#      "hello"
#    ]
#  }