Managing configuration is divided into two processes, Configuration Management which is the process modifying and storing configuration in a cloud storage service, and Configuration Consumption which is the process of ingesting the configuration from a cloud storage service into a Fargate container or Lambda function.
When using Stash, management is consistent accross supported cloud storage services.
$ stash sync config/dev/.env$ stash edit -t devConsumption has many methods with different benefits. The pupose of this document is to discuss AWS methods for Fargate containers and Lambda functions, but some of the following methods may also apply to other technologies.
AWS methods require developers and the container execution role or application role to have access to the appropriate cloud storage service and KMS keys.
The following Stash command generates Terraform scripts specific to the dev configuration. This makes it easier to manage the AWS access policies through Terraform.
$ stash get -t dev -o terraformSupports: ECS Fargate Containers
On start up containers can call a storage service directly using the Stash CLI and create a configuration file inside the container allowing the application to load it into memory.
Requirement: The stash.yml file used to sync the configuration must included in the Docker image where Stash can find it.
Dockerfile (build)
FROM golang:1.13
ARG version=0.0.0-unknown.0
# install stash
RUN curl -L -o /usr/local/bin/stash https://github.com/dabblebox/stash/releases/download/v0.1.0-rc/stash_linux_386 && chmod +x /usr/local/bin/stash
COPY . /app/
WORKDIR /app
RUN go build -ldflags '-X main.version='$version -o app
ENTRYPOINT [ "./docker-entrypoint.bash" ]docker-entrypoint.bash (get)
#!/bin/bash
echo "Getting $CONFIG_ENV configuration."
stash get -l -t $CONFIG_ENV 1> .env
exec ./appOn start up containers can call a storage service directly using the Stash CLI and inject secrets into a configuration file inside the container allowing the application to load the file containing the secrets into memory. Secret tokens can be added to a configuration file that is checked into a repository.
The tokens are AWS Secret Manager secret names. Use double colons, ::, to specify any field in the secret's json object.
.env (config)
USER=${app/dev/db::user}
PASSWORD=${app/dev/db::password}
Dockerfile (build)
FROM golang:1.13
ARG version=0.0.0-unknown.0
# install stash
RUN curl -L -o /usr/local/bin/stash https://github.com/dabblebox/stash/releases/download/v0.1.0-rc/stash_linux_386 && chmod +x /usr/local/bin/stash
COPY . /app/
WORKDIR /app
RUN go build -ldflags '-X main.version='$version -o app
ENTRYPOINT [ "./docker-entrypoint.bash" ]docker-entrypoint.bash (inject)
#!/bin/bash
echo "Injecting $CONFIG_ENV configuration."
stash inject $CONFIG_ENV/.env -l -s secrets-manager 1> secrets.env
exec ./appSupports: ECS Fargate Containers
Configuration and secret references to cloud services like Secrets Manager, Parameter Store, and S3 can be listed in ECS task definitions. On container start, AWS injects the configuration and/or secrets from cloud service references into the containers environment variables.
Stash provides commands that print the task definition JSON for stashed configuration making it easier to add to a task definition. Secrets from AWS Secrets Manager and SSM Parameter Store along with S3 environment files are supported.
$ stash get -t dev -o ecs-task-inject-json$ stash get -t dev -o ecs-task-inject-envSupports: ECS Fargate Containers / Lambda Functions
Code can use the Stash Go integration library to load configuration directly into memory.
Requirement: The stash.yml file used to sync the configuration must be included in the Docker image or Lambda function where Stash can find it.
package main
import (
"log"
"github.com/dabblebox/stash"
"github.com/dabblebox/stash/component/output"
)
config, err := stash.GetMap(stash.GetOptions{})
if err != nil {
log.Fatal(err)
}
for k, v := range config {
log.Printf("%s=%s\n", k, v)
}