Comments (5)
I'm doing some dev work on berglas today and tomorrow. I'll make a point to update the docs!
from berglas.
You are awesome! It didn't even take a day from issue to fix 🚀
from berglas.
Thanks for asking the question. Your interpretation is correct - berglas exec resolves secrets and places their values plaintext via the subprocess's environment*. It's designed specifically for legacy applications that can't easily be altered but expect configuration in an environment variable.
I thought we documented this well. Do you see areas for improvement?
* An exception is if the berglas reference specifies a filepath. In that case, the secret is resolved and its contents are written to the file at the supplied path. Then the environment variable value is set to the path to the file containing the secrets.
from berglas.
Hi @sethvargo,
thanks for your speedy reply! After reading your comment, I looked more carefully and indeed I found that this is already wonderfully described.
However, that information was a bit hidden for me. Given that this can easily be used in the wrong way, what do you think about a pointer to the threat-model page at https://github.com/GoogleCloudPlatform/berglas#cli-usage item 4? It's also worth explicitly mentioning that references like berglas://bucket/secret?destination=... make berglas exec safe again.
Also, some more information in berglas exec --help would be great!
WDYT?
from berglas.
If you like, I can also try to work on this documentation.
from berglas.
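An added example, not part of the thread and not berglas code: a Go check that scans an environment for berglas:// references and flags those without a destination parameter, which per the comments above berglas exec resolves to plaintext in the subprocess environment. AuditEnv and Finding are hypothetical names, and the bucket, secret names and file path are constructed sample values.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Finding describes how one berglas reference would reach the subprocess.
type Finding struct {
	Var       string // environment variable name
	Ref       string // the berglas:// reference as configured
	InEnviron bool   // true: the plaintext secret lands in the child's environment
}

// AuditEnv inspects KEY=VALUE pairs (the shape of os.Environ()) and reports
// every berglas:// reference. A reference without a destination query
// parameter resolves to plaintext in the environment; with one, the secret
// is written to a file and only the file path is exported.
// Assumption: an empty "destination=" is treated the same as a missing one.
func AuditEnv(environ []string) ([]Finding, error) {
	var out []Finding
	for _, kv := range environ {
		name, val, ok := strings.Cut(kv, "=")
		if !ok || !strings.HasPrefix(val, "berglas://") {
			continue // not a berglas reference, nothing to resolve
		}
		u, err := url.Parse(val)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
		dest := u.Query().Get("destination")
		out = append(out, Finding{Var: name, Ref: val, InEnviron: dest == ""})
	}
	return out, nil
}

func main() {
	// Constructed sample environment; names and path are made up.
	sample := []string{
		"PATH=/usr/bin",
		"API_KEY=berglas://example-bucket/api-key",
		"TLS_KEY=berglas://example-bucket/tls-key?destination=/run/app/tls.key",
	}
	findings, _ := AuditEnv(sample) // sample is well-formed, error is nil
	for _, f := range findings {
		fmt.Printf("%-8s in-environ=%-5v %s\n", f.Var, f.InEnviron, f.Ref)
	}
}
```

Running such a check in CI against a deployment's environment shows which variables still expose secret values to anything that can read the process environment.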