Getting all settings / configurations / paths through env variables and mounted secrets

[ttinkr]

It would be really great to be able to specify all configuration attributes via environment variables. For example to the path to settings.txt for cassh-web. Further more it would be also super handy to be able to define keys as paths to files. This would allow keys to be mounted in kubernetes as secrets and the rest of the configuration could reside in a ConfigMap. Both changes would allow a fast and consistent configuration and deployment of all the components in a Kubernetes cluster.

Thanks, Thomas

[nbeguier]

You have totally right, I will take a look. Notice that cassh web is lacking features (especially admin one), it was design for Windows clients.

[ttinkr]

Is there some list which features are missing?

I am trying to make one unified portal for both win and nix users. I want to disable LDAP auth and put it behind a vouch proxy to do auth on keycloak. You think this could work out?

I like your project, if there is some code missing to make it work I'll may send some PRs soon 😊

[nbeguier]

It's nice to read that :) All admin features are missing on cassh web. To begin with: activate/delete/revoke user key. Add/remove principals can be nice for the long run, it's very useful. I'm not satisfied of my session management, should be changed with a dedicated library.

About your idea to put it behind a proxy, I don't know yet the techno you are mentioning. On cassh server side, we could trust some signed headers, with a key of your proxy, to be sure it wasn't altered. Giving an idea of the user group could be great, to map it with local set of principals.

[nbeguier]

This is a first draft of env var in cassh-web. Tell me if it's ok for you, I can do it either on cassh-server.

[ttinkr]

Looks good, thx!!

[nbeguier]

And now the cassh server. It's been a while I should have done that :smile: !

Tell me if it's ok for you (You may not have everything ready to test it in a real env :sweat_smile: ) But in my set of tests it works fine.