Secrets Management

Vlad Volkov edited this page Aug 28, 2021 · 24 revisions

Secrets

Key/Value store

Vault by HashiCorp

Endpoint:

BN Vault

For authentication, generate a GitHub token as discussed.

Path:

/secrets/projects/:project

| Project | Description |
|---|---|
| Project | Name of current project - used as only one root for all dependent configurations and credentials |

Materialized path pattern

:provider/:service/:environment

| Parameter | Description |
|---|---|
| Provider | Represents third party which provides configuration |
| Service | Optionally, application name in case of multiple |
| Environment | Optionally, environment name (could be one of: development |

Key pattern

kebab-case

Consistent key naming is desired, as is a consistent environment naming convention. Credentials are also grouped by application, which avoids extra prefixing.

Examples

Environment variable: APP_GOOGLE_CLIENT_SECRET
Secret path: projects/app/google/client-secret

Local provisioning

To populate local configuration, perform the following steps:

  1. Add @bn-digital/vault to devDependencies in package.json
  2. Create .env.dist if your package requires dynamic configuration
  3. Populate .env.dist with the required keys, using the complete path to each secret as the value (see sample)
  4. Create .env with the following content (it will not be replaced after pulling values from Vault):

         VAULT_ENDPOINT=vault-public-endpoint-to-fetch-configurations-from
         GITHUB_TOKEN=your-github-token-for-authenticating-vault

  5. Prepend the vault-env command to your start script for convenience:

         {
           "scripts": {
             "start": "vault-env && webpack serve --mode=development"
           }
         }
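
Added example (not part of the original wiki page and not code from @bn-digital/vault): a Node.js check that a .env.dist file holds only secret paths following the convention above, never literal values. The KEY=path file format, the variable-name rule (inferred from the single example on this page) and all function names are assumptions.

```javascript
// Added example: lint .env.dist against the path convention on this page.
// Assumed: KEY=path lines, '#' comments; name rule inferred from the page's one example.
const KEBAB = /^[a-z0-9]+(-[a-z0-9]+)*$/;

// Split "projects/:project/:provider[/:service][/:environment]/key" into segments.
function parseSecretPath(value) {
  const seg = value.replace(/^\/+/, '').split('/');
  if (seg[0] === 'secrets') seg.shift(); // tolerate the /secrets prefix
  if (seg.shift() !== 'projects') throw new Error('value is not a projects/ path');
  if (seg.length < 3 || seg.length > 5 || seg.includes('')) {
    throw new Error('expected project/provider[/service][/environment]/key');
  }
  if (!KEBAB.test(seg[seg.length - 1])) throw new Error('key is not kebab-case');
  return seg;
}

// projects/app/google/client-secret -> APP_GOOGLE_CLIENT_SECRET
function envNameForPath(value) {
  return parseSecretPath(value).join('_').replace(/-/g, '_').toUpperCase();
}

// Returns a list of problems. Messages never echo the value, because a value
// that is not a path may be a real secret pasted into a committed file.
function lintEnvDist(text) {
  const problems = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith('#')) return;
    const eq = line.indexOf('=');
    if (eq < 1) { problems.push(`line ${i + 1}: not KEY=path`); return; }
    const name = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    try {
      const seg = parseSecretPath(value);
      const expected = envNameForPath(value);
      // The name rule is only exemplified for the project/provider/key form.
      if (seg.length === 3 && name !== expected) problems.push(`line ${i + 1}: ${name} should be ${expected}`);
    } catch (err) {
      problems.push(`line ${i + 1}: ${name}: ${err.message}`);
    }
  });
  return problems;
}

// Constructed sample, not taken from the wiki.
const SAMPLE_ENV_DIST = ['APP_GOOGLE_CLIENT_SECRET=projects/app/google/client-secret',
  'GOOGLE_ID=projects/app/google/client-id', 'APP_GOOGLE_API_KEY=projects/app/google/apiKey',
  'APP_SENTRY_DSN=https://example.invalid/1'].join('\n');
console.log(lintEnvDist(SAMPLE_ENV_DIST));
```

Run against the real .env.dist in CI or a pre-commit hook, and fail the build when the returned list is non-empty.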