search

feathersjs-ecosystem / configuration

[MOVED] A plugin for configuring a Feathers application
https://github.com/feathersjs/feathers
MIT License
28 stars 15 forks source link

Make this repo more about managing configuration #24

Closed ekryski closed 8 years ago

ekryski commented 8 years ago

As others have mentioned in #8 we should look at using something like Vault or making a configuration service. This might be a way to re-purpose feathers-configuration. It should be more for managing config keys and secrets.

feathers-configuration could be a configuration management service that can store data wherever and just has hooks to encrypt/decrypt values. I think we have a couple options here:

  1. Create a feathers-vault adapter. Vault can be used to read/write to many different backends like AWS IAM users, SQL DBs, Files System, etc. I would need to investigate further but @slajax might know more. Could be use like this:

    const vault = require('feathers-vault');
app.use('config', vault(options));

  2. Create our own hooks that encrypt and decrypt keys and allow you to CRUD them as well. It's possibly a little more feathersy. Could look something like this:

    const service = require('feathers-mongodb');
const options = {
  Model: db.collection('config')
};

app.use('/config', service(options));

app.service('config').hooks({
 before: {
   create: [encrypt()]
 },
 before: {
    get: [decrypt()]
 }
});

Thoughts @feathersjs/core-team?

marshallswain commented 8 years ago

Hopefully we can implement both of them, starting with the second option. Implementing option 2 would would pave the way to making option 1 possible, anyway, and 2 is much more flexible, staying datastore agnostic, which I agree is more inline with the Feathers way of doing business.

Vault has two APIs: CLI and HTTP. The adapter could assume that Vault is installed on the local machine unless it receives a url or host in the config.

ekryski commented 8 years ago

Cool. Like you mentioned @marshallswain it might make sense to potentially do both but I do like the plan of just using one of our existing datastores to start with. It provides a lot of security with very little effort on our part (just a couple hooks).

I think we'd likely want to create a separate feathers-vault adapter that is a little more specialized and supports more advanced use cases rather than relying on a central data store to grab config vars.

marshallswain commented 8 years ago

Yeah. I absolutely agree. The feathers-vault adapter should be its own entity.

kc-dot-io commented 8 years ago

We could also implement something in the cli:

$ feathers config set key value --storage vault

ekryski commented 8 years ago

The interface for this vault module looks pretty nice. https://github.com/kr1sp1n/node-vault

kc-dot-io commented 8 years ago

closing in favour of #26