example-service.toml
# Docker information for the service to be deployed
[docker]
# The base image for the service, excluding the tag
image = "wafflehacks/cms"
# The base tag to deploy
# NOTE(review): a tag name (unlike an image digest) can be re-pointed at new content,
# so what gets deployed can change without this file changing; confirm that is intended.
tag = "develop"
# Image update configuration
[docker.update]
# Allow automatic updating when a new image is built (default: true)
# NOTE(review): with this enabled, anyone able to push a matching tag to the image
# repository can presumably trigger a redeploy; confirm push access is restricted.
automatic = true
# Any additional tag(s) to allow for updating the service. Supports globs (via the globset crate).
# The base tag is included automatically.
additional_tags = ["sha-*"]
# Controls whether, and at which domain and path, the service is reachable over the web
[web]
# Whether to enable web access (default: true)
enabled = true
# An optional path prefix to run the application under
# When not provided, the service will run on the base domain
path = "/testing"
# The domain where the application can be accessed
# Defaults to the filename combined with the `deployment.domain` key in the configuration
domain = "testing.wafflehacks.tech"
# What external services this depends on
# Currently supports: PostgreSQL and Redis
# Connection strings will be automatically injected into environment variables in the format: {service name}_URL
# Ex: POSTGRES_URL, REDIS_URL
# NOTE(review): the injected URL presumably embeds the generated credentials, so treat the
# variable as a secret inside the container (e.g. keep it out of logs) — confirm.
[dependencies]
# A service can be explicitly disabled by setting it to false.
# If it is not included, it will default to disabled.
redis = false
# Postgres credentials are automatically generated by Vault using a role with the same name
# as the deployment, by default. The database and corresponding role (within Postgres)
# must already exist before deploying the service.
#
# The environment variable can be changed by setting the value to the desired name.
# Environment variable names will be automatically made uppercase.
postgres = "DATABASE_URL"
## Below is the format for setting a custom role for the Postgres database.
## It also supports changing the environment variable name by setting a value
## for `name`. If unset, it follows the same semantics as the bare version.
## NOTE(review): in TOML a bare `[postgres]` header defines a root-level table, not a key
## under `[dependencies]`, and the bare `postgres = ...` key above would presumably have to
## be removed first — confirm the expected header against the deployer.
#[postgres]
# role = "testing"
# #name = "DATABASE_URL"
# Environment variables to pass to the container
# All values must be strings (numbers and booleans are quoted, as below), and the name
# will be automatically made uppercase when it is injected into the container
# Everything in this table is stored in plain text in this file; sensitive values belong
# in the `[secrets]` table instead.
[environment]
some = "variable"
another = "value"
number = "1"
boolean = "true"
# Secrets to pass to the container as environment variables
# The location within Vault will be automatically derived from the subdomain and environment variable name
# Ex: - subdomain = `git.wafflehacks.tech` name = `secret_key` --> /kv/git/secret_key
# - subdomain = `git.dev.wafflehacks.tech` name = `secret_key` --> /kv/dev/git/secret_key
# Like the normal environment variables, the variable name will automatically be made uppercase
#
# There are currently 3 types of secrets:
# - `aws`: retrieves AWS credentials for the given role
# - `generate`: generates a random secret in the specified format
# - `load`: loads a pre-existing secret from Vault
[secrets]
# If the secret type does not require additional configuration (i.e. `load` secrets), then the type can be specified
# as a bare string or as a map. Otherwise, it must be specified as a map (inline or as a block).
# The three entries below (`bare`, `inline`, `block`) all declare a `load` secret, one per form.
bare = "load"
# Inline map
inline = { type = "load" }
# Block map
[secrets.block]
type = "load"
# Stores the access key part of the pair
[secrets.aws_access_key_id]
type = "aws"
# The role to generate the credentials from
# It must already exist in Vault
role = "my-role"
# The part of the key pair to store in the environment variable
# Options: `access`, `secret`
part = "access"
# Stores the secret access key part of the pair
# There should be one variable per part; however, no validation is done to ensure this happens,
# so check by hand that both parts are declared and that they name the same role.
[secrets.aws_secret_access_key]
type = "aws"
role = "my-role"
part = "secret"
# A randomly generated secret
[secrets.generated]
type = "generate"
# The format to encode the generated string in
# Options: `alphanumeric`, `base64`, `hex`
format = "base64"
# The length of the string to generate
# When generating a base64 or hex string, the length corresponds to the number of bits
# NOTE(review): if the unit really is bits, 16 gives only 2 bytes of randomness, which is
# far too little for a secret; confirm the unit against the deployer and size the value
# accordingly before copying this example.
length = 16
# Whether to regenerate the secret on redeploy (default: false)
regenerate = false