From ba93ef2ff064ace3780bd12bf9d692cd94936f69 Mon Sep 17 00:00:00 2001 From: Simon Templer Date: Fri, 15 Sep 2017 11:01:23 +0200 Subject: [PATCH] update README --- README.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e64c30f..e20f385 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,8 @@ root │ │ │ └─ Dockerfile │ │ └──config │ │ ├─ config1.yml -│ │ └─ config2.env +│ │ ├─ config2.vault.yml +│ │ └─ config3.env │ │ │ └──stack2 │ ├─ swarm-composer.yml 
@@ -94,6 +95,27 @@ YAML configurations are accessible via their property path (segments separated s Restrictions for variable evaluation in configuration files: Simple value insertions/replacements work, for conditions only boolean variables are supported right now. +#### Secret variables + +Sensible information like passwords can be stored in encrypted configuration files. +These files then also for instance can be added to version control. + +For encrypted configuration files right now only the YAML format is supported, variables must be string values. + +To create an encrypted configuration file, first create its plain counterpart in the setup folder. +The file names of the plain configuration files should end with `.secret.yml`. + +You also need to provide the password to use for the encryption. +It can be provided as Gradle property, either for all setups (`vault_password`) or for individual setups (`vault_password_`). + +To encrypt the configuration file, run the encryption task for the respective setup (e.g. `./gradlew encrypt-`). +Encrypted vault files have a file name that ends with `.vault.yml`. + +Note that when accessing the setup configuration, the plain files are recreated. +If you want to remove them after a task, also add the `purgeSecrets` task. + +If you want to edit a vault file, you can either add encrpyted entries there, or simply decrypt the file with the task `decrypt-` and encrypt it after you completed your changes. + #### Reserved variable names Some variables are provided by swarm-composer and will override any variables you define with the same name:
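Review bot: In the first hunk (the directory tree), `config2.vault.yml` appears with nothing to indicate what the `.vault.yml` suffix means, and the plain `.secret.yml` counterpart that the new "Secret variables" section describes is not shown at all. Consider a short annotation next to the entry, or a pointer to the "Secret variables" section, so that readers do not take the vault file for an ordinary YAML configuration they can edit directly.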
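Review bot: In the second hunk ("Secret variables"), the text says the encrypted files can be added to version control but never says that the plain `.secret.yml` counterparts must stay out of it. Because "when accessing the setup configuration, the plain files are recreated", they are easy to commit by accident. Suggest adding a sentence that recommends excluding `*.secret.yml` from version control (for example with an ignore rule) and adding `purgeSecrets` after tasks that access the configuration. The password paragraph should also say where the Gradle property is expected to be set, so that nobody puts `vault_password` into a properties file that is itself committed. On wording: "Sensible information" should read "Sensitive information", "encrpyted" is a typo, and `vault_password_`, `encrypt-` and `decrypt-` end in a dangling separator with no setup-name placeholder visible.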