github.com/jjeffery/hclconfig

Package hclconfig

v0.0.0-...-da75f93

Published: Sep 11, 2017 | License: MIT | Module: github.com/jjeffery/hclconfig

Overview

Package hclconfig aims to make it easy for cloud-based server programs to access configuration files.

Configuration files can be referenced as a URL or as a local file. Supported URL schemes are http, https, s3 and file. The package also provides a mechanism to determine efficiently whether a config file has changed since it was loaded, without downloading it again. Note that a file fetched over plain http has no integrity protection on the wire; prefer https or s3 for a file whose contents the program will act on.

Configuration files commonly need to carry sensitive information such as passwords, database connection strings and API keys. Storing such values in clear text is poor practice. This package provides a convenient mechanism for keeping sensitive values in a configuration file in encrypted form.

The package is somewhat opinionated. Configuration files are expected to be in HCL format (https://github.com/hashicorp/hcl). Sensitive data is encrypted using a data key, and the data key is itself stored in the configuration file in encrypted form (envelope encryption). Currently AWS KMS is used to encrypt the data key; other mechanisms could be added in future versions of this package.

The following example shows an HCL configuration file that stores sensitive information.

 // example configuration file
 encryption {
	 // data key encrypted using AWS KMS
	 kms = <<EOF
		AQIDAHgLhsBflVB0KoR1VWanrwNzS+ylS6x/KfXjXLqRJA+I1AGdDZQVyAda6rR1A9A9qT7GAA
		AAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMU28Y
		xot8ipSiVrmZAgEQgDvoJNL7unAdqIgQze98nfCBH0tF3+fbJOeZwjdvI4Od4Loentci39Zjrk
		otk6cofeipCC8UteWQ7lh2Pw==
		EOF
 }

 // storing sensitive information
 database {
	 username = "scott"
	 hostname = "db.example.com"
	 dbname = "production_db"
	 password = {
		 ciphertext = <<EOF
			CDjOKgnBIunYEfUru+jD7OgGmF9+nF3Y
			XsLaJWDe5nIjAYfGdrStPVVYJJdGao0N
			3VFf4bCUFJE=
			EOF
	 }
 }

In this file the `encryption` section carries the data encryption key, encrypted under an AWS KMS key. The sensitive values in the file (here the database password) are encrypted using that data encryption key, so the KMS key is needed only to recover the data key. The remaining values (username, hostname, dbname) are stored in clear text and are not protected by this scheme.
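
To make the two layers concrete, here is an added example of the envelope-encryption pattern the overview and the paragraph above describe. It is not the package's code and does not reproduce its on-disk format; the names (seal, open, Encrypt, Decrypt, Envelope, randomKey, newGCM) and the design choices are this example's own: AES-256-GCM for both layers, a locally generated key called kek standing in for the AWS KMS key (in the real package that key never leaves KMS), nonce, ciphertext and tag encoded as one base64 string, and, going one step beyond what the page states, the field name bound into each field's tag as associated data so that a ciphertext cut from one field and pasted into another is rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal: AES-256-GCM with aad bound into the tag, output base64(nonce||ct||tag); open reverses it.
func seal(key, aad, plaintext []byte) (string, error) {
	aead, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(aead.Seal(nonce, nonce, plaintext, aad)), nil
}

func open(key, aad []byte, encoded string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(raw) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	// A wrong key, a different aad or any altered byte fails the tag check here.
	return aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], aad)
}

// randomKey returns a fresh 256-bit key; the kek made with it below is an offline stand-in for the KMS key.
func randomKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

// Envelope mirrors the file: the encrypted data key (encryption.kms) plus per-field ciphertexts.
type Envelope struct {
	EncryptedDataKey string
	Fields           map[string]string
}

// Encrypt makes a fresh data key, seals every secret with it, then seals the data key under kek.
func Encrypt(kek []byte, secrets map[string]string) (*Envelope, error) {
	dataKey, err := randomKey()
	if err != nil {
		return nil, err
	}
	env := &Envelope{Fields: make(map[string]string, len(secrets))}
	for name, value := range secrets {
		if env.Fields[name], err = seal(dataKey, []byte(name), []byte(value)); err != nil {
			return nil, err
		}
	}
	env.EncryptedDataKey, err = seal(kek, []byte("data-key"), dataKey)
	return env, err
}

// Decrypt is what a loader does at start-up: one unwrap with the KMS key, then local decryption of every field.
func Decrypt(kek []byte, env *Envelope) (map[string]string, error) {
	dataKey, err := open(kek, []byte("data-key"), env.EncryptedDataKey)
	if err != nil {
		return nil, fmt.Errorf("data key: %w", err)
	}
	out := make(map[string]string, len(env.Fields))
	for name, c := range env.Fields {
		p, err := open(dataKey, []byte(name), c)
		if err != nil {
			return nil, fmt.Errorf("field %q: %w", name, err)
		}
		out[name] = string(p)
	}
	return out, nil
}

func main() {
	kek, _ := randomKey() // demo only: the real key-encryption key stays inside KMS
	env, err := Encrypt(kek, map[string]string{"database.password": "tiger"})
	if err != nil {
		panic(err)
	}
	fmt.Println(env.EncryptedDataKey, env.Fields)
	fmt.Println(Decrypt(kek, env))
}
```

Two properties worth checking in any implementation of this scheme, and exercised by this one: decryption with the wrong key-encryption key, or of a ciphertext with one altered byte, fails outright rather than yielding garbage; and rotating the KMS key means re-wrapping only the 32-byte data key, not re-encrypting every field.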

A command line utility `hclconfig` is provided to assist with encrypting and decrypting data in a configuration file. See package "cmd/hclconfig" for details.

type File

type File struct {
	Location     string
	Etag         string
	LastModified time.Time
	Contents     *ast.File
}

File represents a configuration file that has been loaded from a location.

func Get

func Get(location string) (*File, error)

Get downloads the configuration file from the location, parses it and decrypts any sensitive data. The location can be an HTTP/HTTPS URL, an S3 URL, or a local file path.

Example

Code:

// get a config file from an HTTPS URL
file, err := Get("https://example.com/config/file.hcl")
if err != nil {
	log.Fatal(err)
}
doSomethingWith(file)

// get a config file from an S3 URL
file, err = Get("s3://bucket-name/config/file.hcl")
if err != nil {
	log.Fatal(err)
}
doSomethingWith(file)

// get a config file from the local filesystem
file, err = Get("./config/file.hcl")
if err != nil {
	log.Fatal(err)
}
doSomethingWith(file)
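
The location string therefore selects one of a few fetch paths. As an added example, not the package's own resolver (the page does not show its internals), the following classifies a location with the standard library's net/url, splits an S3 URL into bucket and object key, and rejects schemes the package does not list instead of silently treating them as local paths. The Source type and the resolve function are constructs of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Source is where a config file will be fetched from. It is a construct of
// this example, not a type from the hclconfig package.
type Source struct {
	Kind   string // "http", "https", "s3" or "file"
	Bucket string // s3 only
	Path   string // full URL for http(s), object key for s3, local path for file
}

// resolve classifies a location into the kinds Get accepts: an HTTP or HTTPS
// URL, an S3 URL, a file URL, or a bare local path. Anything else is an error
// rather than a silent fallback to the local filesystem.
func resolve(location string) (Source, error) {
	u, err := url.Parse(location) // url.Parse lowercases the scheme for us
	if err != nil {
		return Source{}, err
	}
	switch u.Scheme {
	case "http", "https":
		if u.Host == "" {
			return Source{}, fmt.Errorf("%s: missing host", location)
		}
		return Source{Kind: u.Scheme, Path: u.String()}, nil
	case "s3":
		key := strings.TrimPrefix(u.Path, "/")
		if u.Host == "" || key == "" {
			return Source{}, fmt.Errorf("%s: s3 URL needs both bucket and key", location)
		}
		return Source{Kind: "s3", Bucket: u.Host, Path: key}, nil
	case "file":
		return Source{Kind: "file", Path: u.Path}, nil
	case "":
		// No scheme: a relative or absolute local path. (A Windows drive letter
		// such as C:\... parses as scheme "c" and would land in the default
		// case; check for it before url.Parse if that matters.)
		return Source{Kind: "file", Path: location}, nil
	default:
		return Source{}, fmt.Errorf("%s: unsupported scheme %q", location, u.Scheme)
	}
}

func main() {
	for _, loc := range []string{ // constructed sample locations
		"https://example.com/config/file.hcl",
		"s3://bucket-name/config/file.hcl",
		"./config/file.hcl",
		"file:///etc/app/config.hcl",
		"ftp://example.com/config.hcl",
	} {
		s, err := resolve(loc)
		fmt.Printf("%-40s -> %+v %v\n", loc, s, err)
	}
}
```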

func (*File) Decode

func (f *File) Decode(v interface{}) error

Decode decodes the contents of the configuration file into the structure pointed to by v.

Example

Code:

file, err := Get("./config.hcl")
if err != nil {
	log.Fatal(err)
}

var config struct {
	Database struct {
		Provider  string
		SecretDSN string
	}
}

if err := file.Decode(&config); err != nil {
	log.Fatal(err)
}

doSomethingWith(config)

/* Config file would look something like:

encryption {
	kms = "<cipher-text-blob>"
}

database {
	provider = "postgresql"
	secretDSN {
		ciphertext = "<cipher-text-blob>"
	}
}

*/

func (*File) HasChanged

func (f *File) HasChanged() (bool, error)

HasChanged returns true if the config file has changed since it was loaded. It does not download the new contents.

For HTTP(S) and S3 URLs, this function performs a HEAD request and compares the ETag or Last-Modified headers with those recorded when the file was loaded. For local files it stats the file and compares the modification time with the one recorded at load time.
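
To show what the HEAD-and-compare check looks like in practice, here is an added example that is not the package's own code: headRemote keeps the ETag and Last-Modified validators from the original download and compares them against a HEAD response, and localChanged does the stat-based comparison for local files. The demo server, its URL http://config.example/config.hcl and the handlerTransport that serves it in-process (so the example runs offline) are all constructs of this example. It also shows why comparing ETag first matters: the constructed server changes its ETag on edit but keeps the same Last-Modified, which a Last-Modified-only check would miss.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"time"
)

// remoteState is the pair of validators remembered from the last download
// (a construct of this example, not the hclconfig.File type).
type remoteState struct{ ETag, LastModified string }

// headRemote issues a HEAD request and reports whether the validators differ
// from those recorded at download time. ETag is preferred: Last-Modified has
// one-second resolution and cannot separate two writes in the same second.
func headRemote(client *http.Client, url string, prev remoteState) (bool, remoteState, error) {
	resp, err := client.Head(url)
	if err != nil {
		return false, prev, err
	}
	resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return false, prev, fmt.Errorf("HEAD %s: %s", url, resp.Status)
	}
	cur := remoteState{resp.Header.Get("ETag"), resp.Header.Get("Last-Modified")}
	switch {
	case prev.ETag != "" && cur.ETag != "":
		return prev.ETag != cur.ETag, cur, nil
	case prev.LastModified != "" && cur.LastModified != "":
		return prev.LastModified != cur.LastModified, cur, nil
	}
	// No validator to compare: report a change so the caller re-downloads
	// rather than silently running on stale configuration.
	return true, cur, nil
}

// localChanged stats the file and compares its mtime with the recorded one.
func localChanged(path string, prev time.Time) (bool, time.Time, error) {
	fi, err := os.Stat(path)
	if err != nil {
		return false, prev, err
	}
	return !fi.ModTime().Equal(prev), fi.ModTime(), nil
}

// handlerTransport hands client requests to an http.Handler in-process,
// so the demo needs no listening socket.
type handlerTransport struct{ h http.Handler }

func (t handlerTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	t.h.ServeHTTP(rec, r)
	return rec.Result(), nil
}

// demoRemote serves a constructed config whose ETag changes on edit while
// Last-Modified does not; it returns (unchanged before edit, changed after).
func demoRemote() (bool, bool, error) {
	version := 1
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("ETag", fmt.Sprintf(`"v%d"`, version))
		w.Header().Set("Last-Modified", "Mon, 11 Sep 2017 00:00:00 GMT")
		if r.Method != http.MethodHead {
			fmt.Fprintf(w, "database { password = \"v%d\" }\n", version)
		}
	})
	client := &http.Client{Transport: handlerTransport{h: handler}}
	const url = "http://config.example/config.hcl" // hypothetical location
	resp, err := client.Get(url)                   // the initial download
	if err != nil {
		return false, false, err
	}
	resp.Body.Close()
	state := remoteState{resp.Header.Get("ETag"), resp.Header.Get("Last-Modified")}
	before, state, err := headRemote(client, url, state)
	if err != nil {
		return false, false, err
	}
	version++ // the file is edited on the server
	after, _, err := headRemote(client, url, state)
	return !before, after, err
}

func main() {
	unchanged, changed, err := demoRemote()
	fmt.Printf("HEAD before edit: unchanged=%v; after edit: changed=%v (err=%v)\n", unchanged, changed, err)
	// localChanged is the local-file counterpart: keep the mtime from load time
	// and compare it with a fresh os.Stat, e.g. localChanged("./config/file.hcl", seen).
}
```

Two caveats for a real deployment: a server that returns neither validator leaves nothing to compare, which is why the example treats that case as changed rather than unchanged; and for local files the mtime resolution is filesystem-dependent, so a rewrite within the same second can go unnoticed by a stat-based check, and hashing the contents is the robust alternative when that matters.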
