Require and document external db connection information coming from V…

…ault.
genesis-community · Aug 17, 2022 · a7420d1 · a7420d1
1 parent c4cc530
commit a7420d1
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -39,20 +39,16 @@ secret/$env/vault/db:port
 secret/$env/vault/db:sslmode
 secret/$env/vault/db:database
 ```
-
-You can also override in the environment file directly however this is not 
-advised for production environments.
-
-```yaml
-params:
-  pg:
-    scheme:   "postgres"
-    username: ""
-    password: ""
-    hostname: ""
-    port:     "5432"
-    sslmode:  "disable"
-    database: ""
+You can do this using `safe` in a single command like so:
+```sh
+safe set secret/dev/ocf-scheduler/db \
+  hostname="rds-scheduler-20220817135133803000000001.amzdohuu4x1g.us-west-2.rds.amazonaws.com" \
+  port="5432" \
+  username="scheduler" \
+  password="U4k294KkhuNEe9ZaGoe15tGywr5o" \
+  scheme="postgres" \
+  sslmode="disable" \
+  database="scheduler"
 ```
 
 ## `cf-route-registrar`

diff --git a/manifests/external-postgres.yml b/manifests/external-postgres.yml
@@ -1,14 +1,16 @@
 ---
 meta:
   pg:
-    scheme:   (( grab params.pg.scheme   || vault meta.vault "db:scheme"   ))
-    username: (( grab params.pg.username || vault meta.vault "db:username" ))
-    password: (( grab params.pg.password || vault meta.vault "db:password" ))
-    hostname: (( grab params.pg.hostname || vault meta.vault "db:hostname" ))
-    port:     (( grab params.pg.port     || vault meta.vault "db:port"     ))
-    sslmode:  (( grab params.pg.sslmode  || vault meta.vault "db:sslmode"  ))
-    database: (( grab params.pg.database || vault meta.vault "db:database" ))
+    scheme:   (( vault meta.vault "/db:scheme"   ))
+    username: (( vault meta.vault "/db:username" ))
+    password: (( vault meta.vault "/db:password" ))
+    hostname: (( vault meta.vault "/db:hostname" ))
+    port:     (( vault meta.vault "/db:port"     ))
+    sslmode:  (( vault meta.vault "/db:sslmode"  ))
+    database: (( vault meta.vault "/db:database" ))
+
 instance_groups:
 - name: scheduler
   jobs:
   - (( delete "postgres" ))
+
diff --git a/manifests/scheduler.yml b/manifests/scheduler.yml
@@ -7,7 +7,7 @@ meta:
     username: (( grab params.pg.username || "ocf-scheduler" ))
     password: (( grab params.pg.password || "ocf-scheduler" ))
     hostname: (( grab params.pg.hostname || "127.0.0.1" ))
-    port:     (( grab params.pg.port     || 5432 ))
+    port:     (( grab params.pg.port     || "5432" ))
     sslmode:  (( grab params.pg.sslmode  || "disable" ))
     database: (( grab params.pg.database || "ocf-scheduler" ))
   cf: