```sh
# Source: https://gist.github.com/vfarcic/42d96b7a284a5435a2d1eca0156644b5

#######################################################################
# Secrets Made My Life Miserable - Consume Secrets Easily With Teller #
# https://youtu.be/Vcjz-YM3uLQ                                        #
#######################################################################

# Additional Info:
# - Teller: https://github.com/tellerops/teller
# - Manage Kubernetes Secrets With External Secrets Operator (ESO): https://youtu.be/SyRZe5YVCVk
# - SchemaHero - Database Schema Migrations Inside Kubernetes: https://youtu.be/SofQxb4CDQQ
# - How To Inspect, Plan, Migrate DB Schemas With Atlas: https://youtu.be/JLvHpXJ1hHk

#########
# Setup #
#########

git clone https://github.com/vfarcic/teller-demo

cd teller-demo

# Watch https://youtu.be/WiFLtcBvGMU if you are not familiar with Devbox. Alternatively, you can skip Devbox and install all the tools listed in `devbox.json` yourself.
devbox shell

# The demo is based on Google Cloud (GCP) and Google Secrets.
# Teller works with almost any type of secrets but you'll have to
# adapt the manifests and the commands if you're planning to
# use a different provider (other than GCP).

export PROJECT_ID=dot-$(date +%Y%m%d%H%M%S)

gcloud projects create $PROJECT_ID

# Quoted so that the shell does not treat `?` as a glob character.
echo "https://console.cloud.google.com/marketplace/product/google/secretmanager.googleapis.com?project=$PROJECT_ID"

# Open the output URL in a browser and enable the API.

# `--authorized-networks "0.0.0.0/0"` allows connections to the
# instance from any IPv4 address. That is acceptable only for this
# short-lived demo project; restrict it to your own address range
# for anything you intend to keep.
gcloud sql instances create my-db --tier db-f1-micro \
    --database-version POSTGRES_14 --region us-east1 \
    --project $PROJECT_ID --authorized-networks "0.0.0.0/0"

# Demo-only password. The same value is used later in the
# `teller redact` example.
gcloud sql users set-password postgres --instance my-db \
    --password IWillNeverTell --project $PROJECT_ID

export DB_HOST=$(gcloud sql instances describe my-db \
    --format="value(ipAddresses[0].ipAddress)" \
    --project $PROJECT_ID)

echo -ne $DB_HOST | gcloud secrets create my-db-host \
    --project $PROJECT_ID --data-file -

echo -ne postgres | gcloud secrets create my-db-user \
    --project $PROJECT_ID --data-file -

echo -ne IWillNeverTell | gcloud secrets create my-db-password \
    --project $PROJECT_ID --data-file -

yq --inplace \
    ".providers.google_secretmanager.env.DB_ENDPOINT.path = \"projects/$PROJECT_ID/secrets/my-db-host/versions/1\"" \
    my-db.yaml

yq --inplace \
    ".providers.google_secretmanager.env.DB_USER.path = \"projects/$PROJECT_ID/secrets/my-db-user/versions/1\"" \
    my-db.yaml

yq --inplace \
    ".providers.google_secretmanager.env.DB_PASSWORD.path = \"projects/$PROJECT_ID/secrets/my-db-password/versions/1\"" \
    my-db.yaml

# Install Go if you do not have it already.

#######################################
# Secrets From a Terminal With Teller #
#######################################

cat my-db.yaml

teller show --config my-db.yaml

teller env --config my-db.yaml

eval "$(teller env --config my-db.yaml)"

echo $DB_ENDPOINT $DB_USER $DB_PASSWORD

###########################################
# Secrets For App Development With Teller #
###########################################

go run .

# Open a second terminal session

# In the second terminal session
curl http://localhost:8080/videos

# In the first terminal session
# Press `ctrl+c`

# In the first terminal session
teller run --config my-db.yaml env

# In the first terminal session
teller run --config my-db.yaml go run .

# In the second terminal session
curl http://localhost:8080/videos

# In the second terminal session
exit

# Press `ctrl+c`

##################################
# Secrets For Docker With Teller #
##################################

docker container run --name silly-demo --detach \
    --publish 8080:8080 c8n.io/vfarcic/silly-demo:1.4.39

curl http://localhost:8080/videos

docker container rm silly-demo --force

teller env --config my-db.yaml

docker container run --name silly-demo --detach \
    --publish 8080:8080 \
    --env-file <(teller env --config my-db.yaml) \
    c8n.io/vfarcic/silly-demo:1.4.39

curl http://localhost:8080/videos

docker container rm silly-demo --force

#############################
# There's More To Teller... #
#############################

cat all.yaml

# Replace `vfarcic` with your project that contains
# secrets.
# teller env --config all.yaml

teller show --config all.yaml

teller sh --config my-db.yaml

teller scan --config all.yaml

teller scan --config all.yaml --silent

echo $?

echo "IWillNeverTell should not appear in logs" \
    | teller redact --config my-db.yaml

###########
# Destroy #
###########

gcloud projects delete $PROJECT_ID --quiet
```

Teller recently released 2.x.x which contains breaking changes. Unfortunately, I haven't upgraded myself so I'm not (yet) sure what needs to be changed. As a temporary fix, I just modified the Gist and the repo to use DevBox that contains a fixed version of teller 1.5.6 (the last 1.x.x release). Can you please try it out and let me know if you encounter any issues with it.
Alternatively, you might want to take a stab at 2.x.x and make a PR with changes. I'm about to go on a trip and will likely not be able to work on it myself in the upcoming weeks.
As for whether I think Teller is good to use... I certainly do. I use it every day. It's in most of my repos. I just haven't got time to upgrade myself.
I actually documented my experience.
tellerops/teller#291
And then I found the most important page in the repository
tellerops/teller#216
That helped me figure out why most tutorials aren't 2.x compatible.
The new Rust client is very unforgiving and needs some QOL features, but I have it working and in a GitHub action.
Thanks for all your work!
Could you make a PR in https://github.com/vfarcic/teller-demo with the changes to .teller.yml?
Done!
teller has blown up your tutorial! lol
I'd been trying to use teller, and none of the existing tutorials work!
Also the tlr.dev website is gone, and there's nothing but Rust documentation.
Do you still think Teller is good to use?