Comments (17)
Hey @theomessin
It's been discussed
We're exploring the possibility of embedding the berglas binary inside of other clients, but the general recommendation today is to run berglas exec for non-Go apps. Sorry
from berglas.
Hi @theomessin
Yes
from berglas.
There's a python one now: https://pypi.org/project/berglas-python/
from berglas.
Hey @sethvargo. Thanks for replying!
So, just to clarify: we like the CLI tool, we'd like to be able to use the Berglas managed secrets in our Python Google Cloud Functions. Are you saying that this would be quite hard to do?
Currently we use the Python library for Google Cloud KMS to decrypt ad-hoc stored secrets and the code is quite simple.
from berglas.
I've written a Node library similar to the Python one, which enables use of the NodeJS runtime in Cloud Functions with Berglas: https://github.com/chrisbenincasa/berglas-node
from berglas.
Fair enough. That makes more sense. Thanks!
from berglas.
bump
from berglas.
I can add this support to berglas main once #43 is tested and merged. Then, at least for GAE flex we'd be able to move to library usage rather than exec - however not sure if all that is worth it.
from berglas.
I think pycryptodome supports everything berglas needs without using C extensions.
from berglas.
I have a working POC for the python library here - maroux/berglas-python#1.
@sethvargo let me know if you'd be interested in merging that repo here (not sure how Travis will work).
from berglas.
@maroux did you see the python one above? https://pypi.org/project/berglas-python/
from berglas.
@sethvargo just looked - it uses cryptography so binds to openssl etc and doesn't provide an auto resolver.
from berglas.
I created #46 that adds examples of using the python library.
from berglas.
As for App Engine (Standard), we were able to place berglas binaries by using Cloud Build in the previous stage.
pre_cloudbuild.yaml

Since App Engine cannot place a file named cloudbuild.yaml in the root directory, the name of cloudbuild.yaml is changed to pre_cloudbuild.yaml.

```yaml
steps:
  - name: gcr.io/cloud-builders/curl
    args:
      - https://storage.googleapis.com/berglas/master/linux_amd64/berglas
      - --output
      - berglas
  - name: ubuntu
    args:
      - chmod
      - "777"
      - berglas
  - name: gcr.io/cloud-builders/gcloud
    args:
      - app
      - deploy
      - app.yaml
```

app.yaml

```yaml
runtime: nodejs10
entrypoint: ./berglas exec -- npm start
env_variables:
  HOGE: berglas://{BUCKET_ID}/hoge
```
What do you think about this method?
Alternatively, if you deploy berglas binaries in the root directory in advance, the previous Cloud Build is not required.
from berglas.
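Added example (not from the thread or the berglas project): the Cloud Build steps above fetch the binary with curl and mark it executable with `chmod "777"` without checking what was downloaded. The hypothetical helper `install_verified` below marks the file executable, as 0755, only after its SHA-256 matches a digest pinned in the build config; the digest value and the presence of `sha256sum` in the build image are assumptions.

```shell
#!/bin/sh
# install_verified FILE EXPECTED_SHA256   (hypothetical helper, added example)
#
# Returns 0 and sets mode 0755 when FILE hashes to EXPECTED_SHA256.
# Returns 1 and deletes FILE on a mismatch, so a later deploy step cannot ship it.
# Returns 2 on bad input (missing file, malformed digest).
install_verified() {
    file=$1
    expected=$2

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # The pinned digest must be exactly 64 lowercase hex characters.
    case $expected in
        *[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }

    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 2

    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        rm -f "$file"
        return 1
    fi

    # Owner may write; everyone else may only read and execute.
    chmod 0755 "$file"
}

# Usage inside a build step, after the curl download. BERGLAS_SHA256 is a
# placeholder for the digest recorded when the binary was reviewed:
#   install_verified berglas "$BERGLAS_SHA256" || exit 1
```

Because a URL under `master/` can serve different bytes over time, a pinned digest makes the build fail whenever the downloaded binary changes, until the new digest is reviewed and recorded.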
It'd be nice to add a link to the Python implementation to the README; I only found this ticket by chance.
from berglas.
This issue is stale because it has been open for 14 days with no
activity. It will automatically close after 7 more days of inactivity.
from berglas.
This issue has been automatically locked since there has not been any
recent activity after it was closed. Please open a new issue for
related bugs.
from berglas.