This repo contains a deploy config generator plugin for DC/OS secrets and its supporting scripts.
The plugin/dcos_secrets.py file should be placed in a directory and pointed at with a line like plugin_dirs: path/to/plugins in your deploy-config-generator site config. This will enable a top-level secrets section in your deploy configs.
The scripts/update_dcos_secrets.py script is used to process and apply the DC/OS secrets from the JSON file(s) generated by the plugin. They can be processed individually or all at once (after concatenating them into a single JSON list).
It can be invoked as follows:
$ path/to/scripts/update_dcos_secrets.py --url https://your.dcos.host.name --token <DC/OS auth token> <secrets JSON file>
If you already have your cluster configured in the DC/OS CLI tool, you can run the script like:
$ path/to/scripts/update_dcos_secrets.py --url $(dcos config show core.dcos_url) --token $(dcos config show core.dcos_acs_token) dcos_secrets-001.json
The update_dcos_secrets.py script expects its input file to be JSON with the following format.
Generate a random password:
{
  "name": "name of secret to manage",
  "type": "password"
}
Create secret from value of environment variable:
{
  "name": "name of secret to manage",
  "type": "password",
  "env_var": "SOME_ENV_VAR"
}
Multiple secrets:
[
  {
    "name": "secret1",
    "type": "password"
  },
  {
    "name": "secret2",
    "type": "password",
    "env_var": "SOME_ENV_VAR"
  }
]
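
The "all at once" case above requires concatenating the generated files into a single JSON list. The following is an added example, not code from this repo: it merges files in any of the three shapes shown and reports problems without ever printing a secret value. The names load_entries and merge are hypothetical, and the duplicate-name and unset-variable checks are assumed pre-flight checks, not documented behaviour of update_dcos_secrets.py.

```python
import json
import os


def load_entries(text):
    """Parse one plugin output document: a single secret object or a list of them."""
    doc = json.loads(text)
    entries = doc if isinstance(doc, list) else [doc]
    for e in entries:
        # Only the fields shown on this page are checked: "name" and "type".
        if not isinstance(e, dict) or not isinstance(e.get("name"), str) or "type" not in e:
            raise ValueError(f"not a secret entry: {e!r}")
    return entries


def merge(documents, environ=os.environ):
    """Concatenate documents into one list; return (merged, problems)."""
    merged, seen, problems = [], set(), []
    for text in documents:
        for e in load_entries(text):
            if e["name"] in seen:
                # Keep the first definition and flag the repeat (assumed policy).
                problems.append(f"duplicate secret name: {e['name']}")
                continue
            seen.add(e["name"])
            # Report the variable's name only, never its value.
            if "env_var" in e and not environ.get(e["env_var"]):
                problems.append(f"{e['name']}: env var {e['env_var']} is unset or empty")
            merged.append(e)
    return merged, problems


# Constructed sample inputs in the three shapes shown above.
SAMPLES = [
    '{"name": "secret1", "type": "password"}',
    '{"name": "secret2", "type": "password", "env_var": "SOME_ENV_VAR"}',
    '[{"name": "secret1", "type": "password"}, {"name": "secret3", "type": "password"}]',
]

if __name__ == "__main__":
    import sys
    # Usage: merge_secrets.py dcos_secrets-*.json > all_secrets.json
    docs = [open(p).read() for p in sys.argv[1:]] or SAMPLES
    merged, problems = merge(docs)
    for p in problems:
        print("WARNING:", p, file=sys.stderr)
    print(json.dumps(merged, indent=2))
```

The merged list on stdout can be saved to a file and passed to update_dcos_secrets.py as the secrets JSON file; warnings go to stderr so they do not corrupt the JSON.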