search

helmfile / vals

Helm-like configuration values loader with support for various sources
Apache License 2.0
511 stars 69 forks source link

"Custom command" plugin to retrieve passwords from any backend that have cli interface #193

Open MurzNN opened 8 months ago

MurzNN commented 8 months ago

Will be good to implement a "custom command" plugin, that will run a specific command and parse the output to retrieve the value.

For example, we have no integration for Bitwarden secrets storage backend. But Bitwarden provides a good cli interface that can be used to retrieve the values.

For example, we can introduce the configuration like this:

name: bitwarden
dataFormat: {id}/{fieldname}
commandTemplate: bw get {fieldname} {id}
outputType: json # plaintext|json|yaml
outputValue: data.{fieldname} # JSON path, or YAML path, or Regexp

And then, we can refer to this provider like this:

password: ref+bitwarden://35ab2e78-7d47-49e5-b72f-d8c7cbc32531/password

And the same approach can cover any other secrets storage that provides command line interface!

What do you think about this idea?

mumoshu commented 8 months ago

@MurzNN Hey! Thanks for bringing this up. This is now a good idea, especially after we realized that there is a concrete example of where this custom-command-plugin would be handy- Bitwarden's SDK isn't light enough and gives us no ability to build a one-binary solution.