reading the config from stdin - we could easily add that ability. It’s
not there currently though.
Reading from stdin would be perfect for now.
Then, we could also allow secrets to be read from environment variables
… I need to look into that (I think we have that ability already for
certain config things …).
Environment variables, while convenient, aren’t really secure because they can show up in logs or be accessed in fairly simple ways if a system is compromised.
we are trying not to write anything to file or env variable if we can help it.
I guess you are using WAMP-CRA or WAMP-Ticket authentication? Because
these do have secrets. Whereas WAMP-Cryptosign is a public-private key
based authentication mechanism where there are no secrets at all in the
node config! But this is alpha, and its only implemented in
AutobahnPython, not yet the other Autobahns.
Dynamically configuring Crossbar.io (without any local node
configuration file) is possible via the management API, that is yet to
be released (the code is in CB alreaday, but we want to expose that via
Crossbar.io DevOps Center - I think we’ve talked about that previsouly
… its upcoming).
Dynamic configuration would be really great, i can imagine it will work much better for our purposes.
So, sorry, all 4 above: no immediate solution to your itch =(
The first one is trivial to add … on what Crossbar.io version are you
running currently? I think I remember you had some other issues that
prevent you from running the latest? What was that again?
Currently running 0.12 for reasons, but we are at a place we can update to the latest once again.
On Tuesday, April 12, 2016 at 3:56:22 AM UTC-7, Tobias Oberstein wrote:
Am 12.04.2016 um 06:33 schrieb Greg Keys:
We are in the process of implementing hashicorp’s vault into our stacks
for securely managing secrets.
The secrets we want to manage in regards to crossbar are the
authentication usernames in the config.json we are trying to avoid
writing anything to disk.
What we would like to do is pass the config.json into a command line
argument, I did notice that there is a --config option when starting
crossbar but it looks like it has to be a file?
Are there any other methods for dynamically giving crossbar its config
so that it doesnt have to be written to disk?
You received this message because you are subscribed to the Google
Groups “Crossbar” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to crossbario+...@googlegroups.com
To post to this group, send email to cros...@googlegroups.com
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.