Closed kc-dot-io closed 6 years ago
Should configurations be manageable via a public feathers service? (not very secure)
This can be made secure. One way would be to create a second, separate auth endpoint just for configuration tokens. Enabling IP-aware auth or multi-factor auth would help.
Should we bundle adapters or treat them as standalone plugins that extend feathers-configuration?
I would imagine we'd want them separate, just like the other adapters.
Cool, I think I can work with that. Typical best practice would be to put your configuration storage in a private subnet so there is no outside access, perhaps in a case where there is we can simply have before hook that validates based on IP or MFA like you suggested.
10-4. I think that looks best as well, however it might make it hard to centralize the service discovery events if you use multiple storage engines, unless I add a way to bind them at run time. I'll play with that idea a bit.
Ya so far I'm really liking that direction. Not much to add after @marshallswain's comments.
Closing since it has been open for a while and I think it may now be out of scope of this little module. Happy to follow up some time in the future.
overview
as per issue #24 we want to make this repo more focused on configuration management as a whole. When it comes to reading configs, we'll look to node-config for this rather then re-invent that functionality. We should also build out the repo to have support for more complex production configuration management storage such as vault, consul and etc so that we can not only protect secrets but also eventually support service discovery.
goals
Configuration
classAdapter
classAdapters
should be able to read and writeAdapters
Adapters
Adapters
process.env
(default)Adapters
will be implemented with loading precedenceprocess.env.feathers
, json files, storage (vault, consul, etcd)Adapters
app.get
andapp.set
feathers config get
andfeathers config set
--storage
when managing a configurationprocess.env
and json filesexamples
implement
service discovery
workflow