From 4a518165156e27d4189fb939d1a2d3bffdc17193 Mon Sep 17 00:00:00 2001 From: Alex Co Date: Mon, 12 Jun 2023 16:38:31 +0800 Subject: [PATCH 1/2] Add more guides Signed-off-by: Alex Co --- .../elixir_working_with_secrets_in_bunker.md | 2 +- guides/examples/.wukong.toml.example | 13 +++ .../working_with_generic_secrets_in_bunker.md | 91 +++++++++++++++++++ 3 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 guides/examples/.wukong.toml.example create mode 100644 guides/working_with_generic_secrets_in_bunker.md diff --git a/guides/elixir_working_with_secrets_in_bunker.md b/guides/elixir_working_with_secrets_in_bunker.md index 142b6ab15..df940b50c 100644 --- a/guides/elixir_working_with_secrets_in_bunker.md +++ b/guides/elixir_working_with_secrets_in_bunker.md @@ -86,7 +86,7 @@ If you see some errors at this step, for example `Secret Not Found`, it maybe of * You did not create the secrets file in Bunker yet. * You did not have proper permission to access the secrets file in Bunker. -In this case, make sure you are able to see the secrets in the Bunker by visiting https://bunker.mindvalley.dev:8200. If the problem persists, do let us know by sending us a message to Slack channel #wukong-cli-testers. +In this case, make sure you are able to see the secrets in the Bunker by visiting https://bunker.mindvalley.dev:8200. If the problem persists, do let us know by sending us a message to Slack channel #wukong-dev-team. ## Pusing the secrets. diff --git a/guides/examples/.wukong.toml.example b/guides/examples/.wukong.toml.example new file mode 100644 index 000000000..c47cca3b1 --- /dev/null +++ b/guides/examples/.wukong.toml.example @@ -0,0 +1,13 @@ +[[secrets]] + +[secrets.dotenv] +provider = "bunker" +kind = "generic" +src = "vault:secret/wukong-cli/development#dotenv" +dst = ".env" + +[secrets.kubeconfig] +provider = "bunker" +kind = "generic" +src = "vault:secret/wukong-cli/development#kubeconfig" +dst = "priv/files/kubeconfig" \ No newline at end of file 
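Review bot: In `guides/examples/.wukong.toml.example`, both `dst` targets (`.env` and `priv/files/kubeconfig`) put pulled secrets in plaintext inside the working tree, and the example has no comment telling the reader to keep those paths out of version control. `priv/files/kubeconfig` needs extra care: in an Elixir project `priv/` is normally packaged with the application, so a pulled cluster credential could end up in a release artifact or container image unless it is excluded; this is inferred from the path, so confirm it against how the projects are built. I would add a comment above each `dst`, for example `# written in plaintext: keep this path in .gitignore and out of build artifacts`, and consider a destination outside `priv/` for the kubeconfig. The file also ends without a trailing newline.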
diff --git a/guides/working_with_generic_secrets_in_bunker.md b/guides/working_with_generic_secrets_in_bunker.md
new file mode 100644
index 000000000..5da3a2ecb
--- /dev/null
+++ b/guides/working_with_generic_secrets_in_bunker.md
@@ -0,0 +1,91 @@
+# HOW TO INTEGRATE WITH SECRETS IN BUNKER FOR ANY ARBITRARY SECRETS
+
+In this article, we will go through the neccessary steps to integrate with Bunker any project using the Wukong CLI. After following this guide, you will be able to pull the secrets from Bunker, as well as publishing new changes for the secrets, to let Bunker become the single source of truth for your development environment configuration.
+
+## Preparing the secrets file in Bunker.
+
+First, you will need to prepare the secrets in Bunker. This can be any type of secrets, for example API Keys, SSH Credentials, Database Credentials etc....
+
+You can choose whatever secret path for your secrets file in Bunker, as long as you have the write permission for it, and your teammates also have the same permission. The general rule of thumb here is creating the secret under an existing secret path of your application. For example
+
+* The application you want to integrate is `mv-connect`.
+* In Bunker, there's already a secret path named `connect`. Like this
+
+
+
+* Then, create the secret the development path.
+
+* Finally, press `Save` to save the secrets file into Bunker.
+
+**IMPORTANT**
+
+It's important to know that you may not have permission to create the secret in Bunker, since the permission is depends on your Okta group. If you encouter the `Permission Error` message when creating secrets, kindly contact SRE team by the following method.
+
+* (Recommended) Raise a Jira ticket at https://mindvalley.atlassian.net/servicedesk/customer/portal/3/group/15.
+* Posting into Slack channel #tech-general.
+
+## Create the .wukong.toml
+
+To allow the Wukong CLI to be able to detect and pull the secrets file for you, you need to put a `.wukong.toml` config file in the top-level of your working folder.
+You can find an example of the file in the [example](guides/examples) folder. Let's assume you want to pull a secret from Bunker to the `.env` file on your working directory.
+
+```toml
+[[secrets]]
+
+[secrets.dotenv]
+provider = "bunker"
+kind = "generic"
+src = "vault:secret/mv/tech/app/dev#dotenv"
+dst = ".env"
+```
+
+**EXPLANATION**
+
+The first line.
+```
+provider = "bunker"
+```
+This to tell the Wukong CLI that which secrets provider you are using. At this moment, it only accepts the `bunker` as value. Any other values will be ignored.
+```
+kind = "generic"
+```
+This to tell the Wukong CLI what kind of secret you are pulling. At this moment it only accepts the `generic` as value. Any other values will be ignored.
+```
+src = "vault:secret/mv/tech/app/dev#dotenv"
+```
+This is the path to the secret in Bunker. The part after the `#` indicates which key you are pulling from the secret.
+```
+dst = ".env"
+```
+This is the path to write the secret to your working folder. The path MUST be a relative path, you're not allowed to write to any path outside of your working folder.
+If the path containing sub-folder, Wukong CLI will automatically creates the sub-folder for you.
+
+## Pulling the secrets.
+
+At the top-level of the project, run this command.
+
+`wukong dev config pull`
+
+You will be asked to login to Bunker using your Okta credentials, and performing the 2FA verification using Okta Verify mobile app. If things go well, you will see something like this.
+
+```bash
+wukong dev config pull
+
+🔍 1 annotation found in /Users/tuanco/code-workspaces/elixir/src/github.com/mindvalley/wukong-ci-mock-app/.wukong.toml
+ Created /Users/tuanco/code-workspaces/elixir/src/github.com/mindvalley/wukong-ci-mock-app/.env
+```
+
+**NOTES**
+
+If you see some errors at this step, for example `Secret Not Found`, it maybe of the following reasons:
+* You did not create the secrets file in Bunker yet.
+* You did not have proper permission to access the secrets file in Bunker.
+
+In this case, make sure you are able to see the secrets in the Bunker by visiting https://bunker.mindvalley.dev:8200. 
If the problem persists, do let us know by sending us a message to Slack channel #wukong-dev-team. + +## Pusing the secrets. + +If you have the permission to edit the secrets in Bunker, you can also make changes to the secrets locally, then push it to Bunker using this command. +`wukong dev config push` + +This command will compare your local version vs the remote version in Bunker, and shows you the diff, similar like a `git diff`. You then can choose whether you want to push the changes to Bunker or not. From 7f24ae3afc5949f8ff65417d79b49401b2f604cf Mon Sep 17 00:00:00 2001 From: Alex Co Date: Mon, 12 Jun 2023 16:39:31 +0800 Subject: [PATCH 2/2] Update README with the new guide Signed-off-by: Alex Co --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1e4cb26e2..b172eea5f 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,8 @@ The Wukong CLI is a set of tools to manages Mindvalley DevOps resources. Its goa ## GUIDES -* [How to use the Vault integration with Elixir projects](guides/elixir_working_with_secrets_in_bunker.md) +* [How to use the Vault integration with Elixir projects](guides/elixir_working_with_secrets_in_bunker.md). +* [How to use the Vault integration with arbitrary secrets](guides/working_with_generic_secrets_in_bunker.md). ## Get Started for Development