This repository contains the configuration parsing and management package designed for Emitter ( service and related services. The configuration contains a flexible and multi-level secret overrides with Environment Variable and Hashicorp Vault providers implemented out of the box.


If you want to use this package, you can simply go get it as shown below.

go get


import (
	cfg ""

// NewDefault creates a default configuration.
func NewDefault() cfg.Config {
	return &Config{
		ListenAddr: ":8080",
		Cluster: &ClusterConfig{
			ListenAddr:    ":4000",
			AdvertiseAddr: "public:4000",
			Passphrase:    "emitter-io",

// Config represents main configuration.
type Config struct {
	ListenAddr string              `json:"listen"`             // The API port used for TCP & Websocket communication.'
	License    string              `json:"license"`            // The port used for gossip.'
	TLS        *cfg.TLSConfig      `json:"tls,omitempty"`      // The API port used for Secure TCP & Websocket communication.'
	Secrets    *cfg.VaultConfig    `json:"vault,omitempty"`    // The configuration for the Hashicorp Vault.
	Storage    *cfg.ProviderConfig `json:"storage,omitempty"`  // The configuration for the storage provider.
	Contract   *cfg.ProviderConfig `json:"contract,omitempty"` // The configuration for the contract provider.

// Vault returns a vault configuration.
func (c *Config) Vault() *cfg.VaultConfig {
	return c.Secrets

func main() {
	// Parse the configuration
	cfg, err := config.ReadOrCreate("emitter", "config.json", NewDefault, config.NewEnvironmentProvider(), config.NewVaultProvider("app"))
	if err != nil {
		panic("Unable to parse configuration, due to " + err.Error())





This section is empty.


This section is empty.


This section is empty.


type CertCacher

type CertCacher interface {
	Name() string
	GetCache() (autocert.Cache, bool)

    CertCacher represents a contract which allows for retrieval of certificate cache

    func TLS

    func TLS(cfg *TLSConfig, stores ...CertCacher) (*tls.Config, http.Handler, CertCacher)

      TLS returns a TLS configuration which can be applied or validated. This requires a set of valid stores in the first place, so for this to work it needs to be called once the stores are configured (aka Configure() method was called). This should work well if called at some point after calling config.ReadOrCreate().

      type Config

      type Config interface{}

        Config represents a configuration interface.

        func ReadOrCreate

        func ReadOrCreate(prefix string, path string, newDefault func() Config, stores ...SecretReader) (cfg Config, err error)

          ReadOrCreate reads or creates the configuration object.

          type EnvironmentProvider

          type EnvironmentProvider struct {
          	// contains filtered or unexported fields

            EnvironmentProvider represents a security provider which uses environment variables to store secrets.

            func NewEnvironmentProvider

            func NewEnvironmentProvider() *EnvironmentProvider

              NewEnvironmentProvider creates a new environment security provider.

              func (*EnvironmentProvider) Configure

              func (p *EnvironmentProvider) Configure(config map[string]interface{}) (err error)

                Configure configures the security provider.

                func (*EnvironmentProvider) GetSecret

                func (p *EnvironmentProvider) GetSecret(secretName string) (string, bool)

                  GetSecret retrieves a secret from the provider

                  func (*EnvironmentProvider) Name

                  func (p *EnvironmentProvider) Name() string

                    Name returns the name of the security provider.

                    type Provider

                    type Provider interface {
                    	Name() string
                    	Configure(config map[string]interface{}) error

                      Provider represents a configurable provider.

                      func LoadProvider

                      func LoadProvider(config *ProviderConfig, providers ...Provider) Provider

                        LoadProvider loads a provider from the configuration or panics if the configuration is specified, but the provider was not found or not able to configure. This uses the first provider as a default value.

                        type ProviderConfig

                        type ProviderConfig struct {
                        	// The storage provider, this can either be specific builtin or the plugin path (file or
                        	// url) if the plugin is specified, it must contain a constructor function named 'New'
                        	// which returns an interface{}.
                        	Provider string `json:"provider"`
                        	// The configuration for a provider. This specifies various parameters to provide to the
                        	// specific provider during the Configure() call.
                        	Config map[string]interface{} `json:"config,omitempty"`

                          ProviderConfig represents provider configuration.

                          func (*ProviderConfig) Load

                          func (c *ProviderConfig) Load(builtins ...Provider) (Provider, error)

                            Load loads a provider from the configuration and uses one or several builtins provided.

                            func (*ProviderConfig) LoadOrPanic

                            func (c *ProviderConfig) LoadOrPanic(builtins ...Provider) Provider

                              LoadOrPanic loads a provider from the configuration and uses one or several builtins provided. If the provider is not found, it panics.

                              type SecretReader

                              type SecretReader interface {
                              	GetSecret(secretName string) (string, bool)

                                SecretReader represents a contract for a store capable of resolving secrets.

                                type SecretStore

                                type SecretStore interface {
                                	GetCache() (autocert.Cache, bool)

                                  SecretStore represents a contract for a store capable of resolving secrets. On top of that, also capable of caching certificates.

                                  type TLSConfig

                                  type TLSConfig struct {
                                  	ListenAddr  string `json:"listen"`                // The address to listen on.
                                  	Host        string `json:"host"`                  // The hostname to whitelist.
                                  	Email       string `json:"email,omitempty"`       // The email address for autocert.
                                  	Certificate string `json:"certificate,omitempty"` // The certificate request.
                                  	PrivateKey  string `json:"private,omitempty"`     // The private key for the certificate.

                                    TLSConfig represents TLS listener configuration.

                                    func (*TLSConfig) Load

                                    func (c *TLSConfig) Load(certCache autocert.Cache) (*tls.Config, http.Handler, error)

                                      Load loads the certificates from the cache or the configuration.


                                      Path Synopsis