guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.
https://guac.sh
Apache License 2.0

Implement viper config #273

Closed lukehinds closed 1 year ago

lukehinds commented 1 year ago

Introduce a viper config.

This way users can set args via a config file, CLI args and/or environment variables.

$ cat guac.yaml
creds:
  user: neo4j
  pass: s3cr3t
db-addr: neo4j://localhost:7687
realm: neo4j

Environment variables:

export guac-db-addr=neo4j://localhost:7687

One change I recommend (after some experimentation): it would be better to use individual flags for creds, something like --gdbuser neo4j --gdbpass s3cr3t

The reason being, viper will pull out everything it needs for all three approaches with GetString as we can load the CLI flags via BindPFlags alongside the env, and config values, all into the same shared space.

If we try to stay with --creds user:pass it makes it a lot more of a messy approach as the CLI args need separate verification and you need to play around with string slicing.

This change would get us in the position where we can then easily use a secrets system to inject log4j credentials via an env.

Let me know, hopefully you're not too adamant it has to be user:pass 😛

I am happy to work on this, already have most of the code locally.

lumjjb commented 1 year ago

+1 on this - this will be a nice improvement to management of instances once the Pub/sub (NATS) stuff that @pxp928 has been working on gets done and we set up the pipeline as well!
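
The lookup order discussed in the first comment (CLI flag, then environment, then config file, all read through one call), sketched with only the Go standard library as an added example; it is not part of the thread, not GUAC's code, and does not use viper itself. The `GUAC_` environment prefix with hyphens mapped to underscores, the flat config map, and the helper names `newFlags`, `resolve` and `splitCreds` are assumptions of this sketch.

```go
package main

import (
	"flag"
	"fmt"
	"os"
	"strings"
)

func newFlags() *flag.FlagSet {
	fs := flag.NewFlagSet("guac", flag.ExitOnError)
	for _, name := range []string{"db-addr", "realm", "gdbuser", "gdbpass"} {
		fs.String(name, "", name) // one flag per setting, credentials included
	}
	return fs
}

// resolve mirrors viper's precedence: flag set on the command line, then
// environment (assumed GUAC_ prefix, "-" mapped to "_"), then config file, then default.
func resolve(key string, fs *flag.FlagSet, env func(string) string, file map[string]string) string {
	set := false
	fs.Visit(func(f *flag.Flag) { set = set || f.Name == key }) // Visit sees only flags the user set
	if set {
		return fs.Lookup(key).Value.String()
	}
	if v := env("GUAC_" + strings.ToUpper(strings.ReplaceAll(key, "-", "_"))); v != "" {
		return v
	}
	if v, ok := file[key]; ok {
		return v
	}
	return fs.Lookup(key).DefValue
}

// splitCreds is the separate check a combined user:pass value needs; it cuts at
// the first ":" so a password that itself contains ":" is not truncated.
func splitCreds(s string) (string, string, error) {
	user, pass, ok := strings.Cut(s, ":")
	if !ok || user == "" || pass == "" {
		return "", "", fmt.Errorf("creds must be user:pass")
	}
	return user, pass, nil
}

func main() {
	fs := newFlags()
	_ = fs.Parse(os.Args[1:]) // ExitOnError: bad flags terminate the program
	file := map[string]string{"db-addr": "neo4j://localhost:7687", "realm": "neo4j"} // constructed stand-in for a parsed guac.yaml
	fmt.Println("db-addr:", resolve("db-addr", fs, os.Getenv, file),
		"gdbpass supplied:", resolve("gdbpass", fs, os.Getenv, file) != "") // never print the secret
}
```

With separate keys, a password placed in the environment by a secrets system is read by the same `resolve` call as every other setting and never has to appear on the command line.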