Environment variables secrets provider
This secrets provider looks up secret values from the environment.
When zoe encounters secret:SECRET_NAME
in the configuration, this provider searches for an environment variable named SECRET_NAME
.
The name of the environment variable to look for can be altered using the append
or prepend
config properties :
secrets:
provider: env
append: ZOE_SECRET
prepend: _PRO
In the configuration above, when zoe encounters secret:JAAS_CONFIG
, this provider looks up for an environment variable named ZOE_SECRET_JAAS_CONFIG_PRO
.
The append
and prepend
properties are useful when using the same secret name across different zoe environment files. Here is a typical example of a staging.yml
and a prod.yml
file:
secrets:
provider: env
append: ZOE_SECRET
prepend: _STAGING
clusters:
my-kafka-cluster:
props:
bootstrap.servers: my-kafka-cluster-staging.example.com:9092
security.protocol: SASL_SSL
sasl.mechanism: SCRAM-SHA-256
sasl.jaas.config: secret:JAAS_CONFIG
secrets:
provider: env
append: ZOE_SECRET
prepend: _PROD
clusters:
my-kafka-cluster:
props:
bootstrap.servers: my-kafka-cluster-production.example.com:9092
security.protocol: SASL_SSL
sasl.mechanism: SCRAM-SHA-256
sasl.jaas.config: secret:JAAS_CONFIG
In this case :
- when using
zoe -e staging ...
, theJAAS_CONFIG
secret wil be retrieved from the environment variableZOE_SECRET_JAAS_CONFIG_STAGING
. - when using :
zoe -e prod ...
, theJAAS_CONFIG
secret wil be retrieved from the environment variableZOE_SECRET_JAAS_CONFIG_PROD
.