Configuration

The Secretless Broker relies on its configuration to determine which Target Services it can connect to and how it should retrieve the access credentials to authenticate with those services.

Each Secretless Broker configuration includes two sections:

  • listeners: A list of protocol Listeners, each one on a Unix socket or TCP port.
  • handlers: A list of Handlers to process the requests received by each Listener. Handlers implement the protocol for the Target Services and are configured to obtain the backend connection credentials from one or more Credential Providers.

Examples

In the examples below, we share the Secretless configurations that were used in each of the quick start demos. For ease of understanding we’ve broken them up into three separate configurations. In practice you can configure Secretless Broker to handle as many types of connections as you need; to see how we configured Secretless Broker to handle all three of these connection types at once, check out the actual configuration we used in building the quick start Docker image.

PostgreSQL:

listeners:
  - name: pg_tcp
    protocol: pg
    address: 0.0.0.0:5454

handlers:
  - name: pg
    listener: pg_tcp
    credentials:
      - name: address
        provider: literal
        id: localhost:5432
      - name: username
        provider: env
        id: QUICKSTART_USERNAME
      - name: password
        provider: env
        id: QUICKSTART_PASSWORD

SSH:

listeners:
  - name: ssh
    protocol: ssh
    address: 0.0.0.0:2222

handlers:
  - name: ssh
    listener: ssh
    credentials:
      - name: address
        provider: literal
        id: localhost
      - name: user
        provider: literal
        id: user
      - name: privateKey
        provider: env
        id: SSH_PRIVATE_KEY

HTTP (basic auth):

listeners:
  - name: http_basic_auth
    protocol: http
    address: 0.0.0.0:8081

handlers:
  - name: http_basic_auth
    type: basic_auth
    listener: http_basic_auth
    match:
     - ^http\:\/\/quickstart\/
     - ^http\:\/\/localhost.*
    credentials:
      - name: username
        provider: env
        id: BASIC_AUTH_USERNAME
      - name: password
        provider: env
        id: BASIC_AUTH_PASSWORD
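
The wiring between listeners and handlers shown in these configurations can be checked before the Broker is deployed. The linter below is an added example, not part of Secretless Broker or of the original page; it takes an already-parsed configuration (for instance the output of a YAML loader), and its rule set, the `SECRET_NAMES` list and the sample input (the PostgreSQL example with deliberate mistakes) are assumptions made for illustration.

```python
import ipaddress

# Assumption: credential names treated as secret material by this linter.
SECRET_NAMES = {"password", "privatekey"}

def listener_host(address):
    """Return the host part of a 'host:port' address, or None if there is none."""
    if ":" not in address:
        return None
    return address.rsplit(":", 1)[0].strip("[]")

def lint_config(cfg):
    """Return a sorted list of findings for a parsed listeners/handlers config."""
    findings = []
    listeners = {l["name"]: l for l in cfg.get("listeners", [])}
    used = set()
    for h in cfg.get("handlers", []):
        ref = h.get("listener")
        if ref not in listeners:
            findings.append(f"handler {h['name']}: unknown listener {ref!r}")
        else:
            used.add(ref)
        for cred in h.get("credentials", []):
            # A literal provider puts the value itself into the config file.
            if cred.get("provider") == "literal" and cred["name"].lower() in SECRET_NAMES:
                findings.append(f"handler {h['name']}: secret {cred['name']!r} stored as literal")
    for name, l in listeners.items():
        if name not in used:
            findings.append(f"listener {name}: no handler attached")
        host = listener_host(l.get("address", ""))
        if host is not None:
            try:
                # 0.0.0.0 and :: accept connections on every interface.
                if ipaddress.ip_address(host).is_unspecified:
                    findings.append(f"listener {name}: binds all interfaces ({l['address']})")
            except ValueError:
                pass  # hostname rather than an IP literal; not judged here
    return sorted(findings)

# Constructed sample: the PostgreSQL example with a mistyped listener
# reference and a password moved to the literal provider.
SAMPLE = {
    "listeners": [{"name": "pg_tcp", "protocol": "pg", "address": "0.0.0.0:5454"}],
    "handlers": [{"name": "pg", "listener": "pg_tpc", "credentials": [
        {"name": "address", "provider": "literal", "id": "localhost:5432"},
        {"name": "username", "provider": "env", "id": "QUICKSTART_USERNAME"},
        {"name": "password", "provider": "literal", "id": "example-only"}]}],
}

if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE)))
```

The all-interfaces finding is a prompt for review rather than an error: any client that can reach a listener is connected to the Target Service with the Broker's credentials, so the listener address determines who can use them.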
    

Configuring Secretless Broker

The Configuration Managers section in the Secretless Broker reference has more information about how to provide the Broker with its configuration in practice.

Ready to use Secretless Broker in your Kubernetes environment? Check out our Kubernetes tutorial or our deployment guides!