Skip to content

Instantly share code, notes, and snippets.

@alexellis

alexellis/seal-it.md

Created June 22, 2019 15:36
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save alexellis/5f345c255cb7de052e3240a291c90261 to your computer and use it in GitHub Desktop.
Save alexellis/5f345c255cb7de052e3240a291c90261 to your computer and use it in GitHub Desktop.
Download ZIP
Seal a secret in OFC
Raw
seal-it.md

Seal a secret in OFC

1. Get the CLI

curl -sLS https://cli.openfaas.com | sudo sh

2. Get the public certificate for your instance

For the community cluster:

curl -SLO https://raw.githubusercontent.com/teamserverless/leaderboard-app/master/pub-cert.pem

3. Seal your secret

Given a GitHub or GitLab username or org of teamserverless and a secret named slack your secret name will be teamserverless-slack.

export WEBHOOK_URL="https://slack..."
export WEBHOOK_SECRET="dont-tell"

faas-cli cloud seal \
  --name teamserverless-slack
  --literal=webhook-url="${WEBHOOK_URL}" \
  --literal=webhook-secret="${WEBHOOK_SECRET}"

In stack.yml in secrets: put:

secrets:
  - teamserverless-slack

Finally, to read your secret literals at runtime use the literal from the seal stage:

/var/openfaas/secrets/webhook-url

/var/openfaas/secrets/webhook-secret
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment