gered/vault-sidekick
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

update documentation

Browse source
This commit is contained in:
Sam Manzer 2017-10-12 12:11:14 -05:00
parent 5c5bdc7686
commit 3948d3ff6b
1 changed files with 41 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

61
README.md
View file

@ -12,25 +12,46 @@ Vault Sidekick is a add-on container which can be used as a generic entry-point
**Usage:** **Usage:**
```shell ```shell
[jest@starfury vault-sidekick]$ bin/vault-sidekick --help $ sudo docker run --rm quay.io/ukhomeofficedigital/vault-sidekick:v0.3.3 -help
Usage of bin/vault-sidekick: Usage of /vault-sidekick:
-alsologtostderr=false: log to standard error as well as files -alsologtostderr
-auth="": a configuration file in a json or yaml containing authentication arguments log to standard error as well as files
-cn=: a resource to retrieve and monitor from vault (e.g. pki:name:cert.name, secret:db_password, aws:s3_backup) -auth string
-ca-cert="": a CA certificate to use in order to validate the vault service certificate a configuration file in json or yaml containing authentication arguments
-delete-token=false: once the we have connected to vault, delete the token file from disk -ca-cert string
-dryrun=false: perform a dry run, printing the content to screen the path to the file container the CA used to verify the vault service
-log_backtrace_at=:0: when logging hits line file:N, emit a stack trace -cn value
-log_dir="": If non-empty, write log files in this directory a resource to retrieve and monitor from vault
-logtostderr=false: log to standard error instead of files -dryrun
-output="/etc/secrets": the full path to write the protected resources (VAULT_OUTPUT if available) perform a dry run, printing the content to screen
-stats=5m0s: the interval to produce statistics on the accessed resources -exec-timeout duration
-stderrthreshold=0: logs at or above this threshold go to stderr the timeout applied to commands on the exec option (default 1m0s)
-tls-skip-verify=false: skip verifying the vault certificate -format string
-token="": the token used to authenticate to teh vault service (VAULT_TOKEN if available) the auth file format (default "default")
-v=0: log level for V logs -log_backtrace_at value
-vault="https://127.0.0.1:8200": the url the vault service is running behind (VAULT_ADDR if available) when logging hits line file:N, emit a stack trace
-vmodule=: comma-separated list of pattern=N settings for file-filtered logging -log_dir string
If non-empty, write log files in this directory
-logtostderr
log to standard error instead of files
-one-shot
retrieve resources from vault once and then exit
-output string
the full path to write resources or VAULT_OUTPUT (default "/etc/secrets")
-stats duration
the interval to produce statistics on the accessed resources (default 1h0m0s)
-stderrthreshold value
logs at or above this threshold go to stderr
-tls-skip-verify
whether to check and verify the vault service certificate
-v value
log level for V logs
-vault string
url the vault service or VAULT_ADDR (default "https://127.0.0.1:8200")
-version
show the vault-sidekick version
-vmodule value
comma-separated list of pattern=N settings for file-filtered logging
``` ```
**Building** **Building**
@ -47,7 +68,7 @@ The below is taken from a [Kubernetes](https://github.com/kubernetes/kubernetes)
spec: spec:
containers: containers:
- name: vault-side-kick - name: vault-side-kick
image: gambol99/vault-sidekick:latest image: quay.io/ukhomeofficedigital/vault-sidekick:v0.3.3
args: args:
- -output=/etc/secrets - -output=/etc/secrets
- -cn=pki:project1/certs/example.com:common_name=commons.example.com,revoke=true,update=2h - -cn=pki:project1/certs/example.com:common_name=commons.example.com,revoke=true,update=2h