3. put config.yaml as dummy_config_yaml/reseller1/region99
┌──────► Vault ◄──────────────────────────┐
│ ▲ │
│ │ │
│ │ │
│ │ │
│ │ │
│ │ 1. Get Secret-ID │ 5. fetch config.yaml
│ │ │ at path dummy_config_yaml/reseller1/region99
│ │ │
│ │ │
│ │ │
│ │ │
│ │ │
│ │ │
│ Orchestrator/Terraform/ go run main.go
copy_config2vault_secret2temp.sh ▲
│ │
│ │
│ │
│ 2. Write Secret-ID │ 4. read Secret-ID
│ │
│ │
│ │
▼ │
/tmp/secret ───────────────────────────┘
init_vault.sh (run by docker-compose)
- create vault role
- create vault policy
copy_config2vault_secret2tmp.sh
- get secret-id for app-role-id (
dummy_app), so the program that need to readconfig.yamlcan retrieve it, put it on/tmp/secret - put secret to be retrieved later by app, in this case is
config.yaml(eg. from terraform) todummy_config_yaml/reseller1/region99on vault
main.go
- read secret id from
/tmp/secret, and retrieveconfig.yamlfrom vault (that stored indummy_config.yaml/reseller1/region99)
docker compose up --build
./copy_config2vault_secret2tmp.sh
go run main.go
