Is your feature request related to a problem? Please describe.
Many CLI tools rely on local plaintext files to function, e.g. aws cli, azure cli, ...
These creds can find their way into repos if not kept ephemeral.
Describe the solution you would like
Inject those secrets into a file template, where the instantiated file is mmapped.
Something like, if secrets.yml were:
FOO: !var <secret-id>
BAR: !var <secret-id>
CRED_FILE: !var:template <local-template-file-path>  # note the !var:template tag
which (as with !var:file) created an mmapped file, but of the local template.
If the local template file were:
[ default ]
aws_id = {{ FOO }}
aws_secret = {{ BAR }}
Summon could replace the placeholders with their identically named env vars.
Describe alternatives you have considered
Create a !var:file entry in secrets.yml as a placeholder:
AWS_ACCESS_KEY_ID: !var DemoVault/CICD/CICD_Secrets/AwsAccessKeys/username
AWS_SECRET_ACCESS_KEY: !var DemoVault/CICD/CICD_Secrets/AwsAccessKeys/password
AWS_SHARED_CREDENTIALS_FILE: !var:file DemoVault/CICD/CICD_Secrets/AwsAccessKeys/password  # placeholder value
Summon calls a script which sed copies the template into the mmapped file, e.g.:
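# Fill the template placeholders from the environment variables Summon sets,
# then write the result to the temp file Summon created for the !var:file entry.
cat localtemplate \
| sed -e "s#{{ AWS_ACCESS_KEY_ID }}#$AWS_ACCESS_KEY_ID#g" \
| sed -e "s#{{ AWS_SECRET_ACCESS_KEY }}#$AWS_SECRET_ACCESS_KEY#g" \
> "$AWS_SHARED_CREDENTIALS_FILE"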
Additional context
This comes up with some frequency and would provide a nice generalized templating capability.
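A sketch of the rendering step requested above, as an added example that is not part of the original issue and not Summon's code. The names `renderTemplate` and `writePrivate` are hypothetical and the secret values are constructed; values are substituted literally, so characters such as `#` or `&` that would break the sed replacement need no escaping, and a placeholder with no matching secret is an error instead of an empty credential.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
)

// placeholder matches {{ NAME }} with optional whitespace inside the braces.
var placeholder = regexp.MustCompile(`\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}`)

// renderTemplate (hypothetical helper) replaces each {{ NAME }} with secrets[NAME].
// The value is inserted as-is; an unresolved placeholder fails the whole render.
func renderTemplate(tmpl string, secrets map[string]string) (string, error) {
	var missing []string
	out := placeholder.ReplaceAllStringFunc(tmpl, func(m string) string {
		name := placeholder.FindStringSubmatch(m)[1]
		v, ok := secrets[name]
		if !ok {
			missing = append(missing, name)
		}
		return v
	})
	if len(missing) > 0 {
		return "", fmt.Errorf("unresolved placeholders: %v", missing)
	}
	return out, nil
}

// writePrivate (hypothetical helper) writes content to a new owner-only file in dir.
func writePrivate(dir, content string) (string, error) {
	f, err := os.CreateTemp(dir, "cred-*") // CreateTemp opens the file with mode 0600
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = f.WriteString(content)
	return f.Name(), err
}

func main() {
	tmpl := "[ default ]\naws_id = {{ FOO }}\naws_secret = {{ BAR }}\n" // template from the issue
	text, err := renderTemplate(tmpl, map[string]string{"FOO": "EXAMPLE-ID", "BAR": "a#b&c"}) // constructed values
	if err != nil {
		panic(err)
	}
	path, err := writePrivate("", text) // "" selects the OS temp dir (assumption; a memory-backed dir is preferable)
	fmt.Println(path, err)
}
```

The caller is responsible for removing the rendered file once the wrapped command exits.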