Last active
September 17, 2017 10:18
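# Example image: runs ./print-secrets under `shush exec`, which decrypts
# KMS-encrypted environment variables before handing control to the command.

# NOTE(review): alpine:3.5 is end-of-life and no longer receives security
# fixes. The tag is kept so this example builds as published; for real use,
# move to a supported release and pin it by digest.
FROM alpine:3.5

# --no-cache fetches the package index on the fly and leaves nothing behind in
# /var/cache/apk, replacing the "--update ... && rm -rf /var/cache/apk/*" pair.
RUN apk add --no-cache bash curl

# Install shush
# SHUSH_SHA256 is the SHA-256 of the release binary. It is empty by default so
# the example still builds unchanged; pass
#   --build-arg SHUSH_SHA256=<sha256-of-release-binary>
# to make the build reject a tampered or truncated download.
ARG SHUSH_SHA256=""
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary"; -S keeps the error message visible despite -s.
RUN curl -fsSL -o /usr/local/bin/shush \
      https://github.com/realestate-com-au/shush/releases/download/v1.3.0/shush_linux_amd64 \
    && if [ -n "${SHUSH_SHA256}" ]; then \
         echo "${SHUSH_SHA256}  /usr/local/bin/shush" | sha256sum -c -; \
       fi \
    && chmod +x /usr/local/bin/shush

# Add a user so that we're not running our executables as root.
# BusyBox adduser takes the group with -G; lowercase -g sets the GECOS field,
# which left the account outside the group created here.
RUN addgroup -S kube-kms-example \
    && adduser -S -G kube-kms-example kube-kms-example
USER kube-kms-example

# No WORKDIR is set, so "." resolved to "/"; the destination is spelled out.
# COPY without --chown leaves the file owned by root, so the unprivileged user
# can run the script but not modify it. The executable bit comes from the
# build context.
COPY print-secrets /print-secrets

# Use shush exec as an entrypoint for decrypting our secrets
ENTRYPOINT ["/usr/local/bin/shush", "exec", "--"]
CMD ["/print-secrets"]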
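#!/usr/bin/env bash
# Demo workload: once a second, prints every environment variable whose name
# starts with DB, API or SERVICE, so the values decrypted by `shush exec` can
# be seen in the container output.
# NOTE(review): this writes decrypted secret values to stdout, so they end up
# in the pod's logs. Suitable for a demonstration only.

echo "Polling env for secrets:"

# Signal handler: say goodbye and exit with status 0.
_handleSignal() {
  echo "Exiting, goodbye!"
  exit 0
}

# Handle SIGTERM and SIGINT so that our script
# can be stopped when trying to kill the pod
# gracefully.
trap _handleSignal SIGTERM SIGINT

# Keep printing our secrets
while true; do
  # Extended-regex alternation is portable; "\|" in a basic regex is an
  # extension that not every grep implements.
  env | grep -E '^(DB|API|SERVICE)'
  sleep 1
done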