├── Dockerfile ├── README.md ├── codefresh.yaml ├── go.mod ├── go.sum ├── kubernetes-secrets.png ├── never-commit-to-git ├── decrypted │ ├── README.txt │ ├── key.private │ ├── key.pub │ └── paypal.crt └── unsealed_secrets │ ├── db-creds.yml │ ├── key-private.yml │ ├── key-public.yml │ └── paypal-cert.yml ├── safe-to-commit ├── manifests │ ├── deployment.yml │ └── service.yml └── sealed_secrets │ ├── db-creds.json │ ├── key-private.json │ ├── key-public.json │ └── paypal-cert.json ├── settings.ini └── simple-web-server.go /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.15.1-alpine3.12 AS build-env 2 | 3 | WORKDIR /tmp/simple-go-app 4 | 5 | COPY . . 6 | 7 | RUN CGO_ENABLED=0 GOOS=linux go build 8 | 9 | FROM alpine:3.13 10 | 11 | EXPOSE 8080 12 | 13 | RUN apk add --no-cache ca-certificates bash 14 | 15 | COPY --from=build-env /tmp/simple-go-app/gitops-secrets-sample-app /app/gitops-secrets-sample-app 16 | 17 | COPY settings.ini /config/settings.ini 18 | 19 | WORKDIR /app 20 | 21 | 22 | CMD ["./gitops-secrets-sample-app"] 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Gitops with secrets 2 | 3 | This is single application that uses [Bitnami sealed secrets](https://github.com/bitnami-labs/sealed-secrets) for 4 | password and certificates. 5 | 6 | ## How to run locally 7 | 8 | `go run .` 9 | 10 | then visit http://localhost:8080 in your browser 11 | 12 | ## How to build and run the container 13 | 14 | Run 15 | 16 | * `docker build . 
-t my-app` to create a container image 17 | * `docker run -p 8080:8080 my-app` to run it 18 | 19 | then visit http://localhost:8080 in your browser 20 | 21 | You can find prebuilt images at [https://hub.docker.com/r/kostiscodefresh/gitops-secrets-sample-app/tags](https://hub.docker.com/r/kostiscodefresh/gitops-secrets-sample-app/tags) 22 | 23 | ## How to work with secrets 24 | 25 | **WARNING**: just for demonstration purposes, this repository contains both raw and encrypted 26 | secrets so that you can see the sealing process yourself. In a real application, your Git repository should only have sealed secrets. Because the raw key, certificate and credentials in this repository are public, treat them as compromised and never reuse them outside this demo. 27 | 28 | Secret folders 29 | 30 | * `never-commit-to-git/decrypted` contains the raw secrets (You should never commit this to Git) 31 | * `never-commit-to-git/unsealed_secrets` contains plain Kubernetes secrets, which are only base64-encoded and not encrypted (You should never commit this to Git) 32 | * `safe-to-commit/sealed_secrets` contains sealed secrets (This is the only folder you should commit to Git) 33 | 34 | ## How to install the Bitnami secret controller 35 | 36 | Install the secret controller 37 | 38 | ``` 39 | helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets 40 | helm repo update 41 | helm install sealed-secrets-controller sealed-secrets/sealed-secrets 42 | ``` 43 | 44 | By default the controller will be installed in the `kube-system` namespace. The namespace 45 | and release name are important: if you change the defaults, you need to pass the same values 46 | to `kubeseal` as well (its `--controller-namespace` and `--controller-name` flags) whenever you work with secrets. 47 | 48 | Download the `kubeseal` CLI (verify the binary against a checksum or signature if the release publishes one). 
49 | 50 | ``` 51 | wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.16.0/kubeseal-linux-amd64 -O kubeseal 52 | sudo install -m 755 kubeseal /usr/local/bin/kubeseal 53 | ``` 54 | 55 | ## How to work with bitnami sealed secrets 56 | 57 | ``` 58 | kubectl create ns git-secrets 59 | cd safe-to-commit/sealed_secrets 60 | kubeseal -n git-secrets < ../../never-commit-to-git/unsealed_secrets/db-creds.yml > db-creds.json 61 | kubeseal -n git-secrets < ../../never-commit-to-git/unsealed_secrets/key-private.yml > key-private.json 62 | kubeseal -n git-secrets < ../../never-commit-to-git/unsealed_secrets/key-public.yml > key-public.json 63 | kubeseal -n git-secrets < ../../never-commit-to-git/unsealed_secrets/paypal-cert.yml > paypal-cert.json 64 | kubectl apply -f . -n git-secrets 65 | ``` 66 | 67 | You have now encrypted your plain secrets. These files are safe to commit to Git, because only the controller running in your cluster holds the private key that can decrypt them. 68 | You can see that the controller has automatically converted them back to plain secrets inside the cluster with the command 69 | 70 | ``` 71 | kubectl get secrets -n git-secrets 72 | ``` 73 | 74 | ## How to deploy the application 75 | 76 | Note that the application requires all secrets to be present. 77 | 78 | ``` 79 | cd safe-to-commit/manifests 80 | kubectl apply -f . -n git-secrets 81 | ``` 82 | 83 | Wait some time and then find the public IP of the loadbalancer of the application: 84 | 85 | ``` 86 | kubectl get svc -n git-secrets 87 | ``` 88 | 89 | 90 | If you now visit your application you will see it using the secrets. The demo page prints the secret values in clear text to anyone who can reach the load balancer, so use it only with throwaway secrets like the ones in this repository: 91 | 92 | ![Kubernetes secrets](kubernetes-secrets.png) 93 | 94 | 95 | 96 | See the [documentation page](https://codefresh.io/docs/docs/yaml-examples/examples/gitops-secrets/) for more details. 
97 | 98 | -------------------------------------------------------------------------------- /codefresh.yaml: -------------------------------------------------------------------------------- 1 | version: "1.0" 2 | stages: 3 | - "clone" 4 | - "test" 5 | - "build" 6 | 7 | steps: 8 | clone: 9 | title: "Cloning repository" 10 | type: "git-clone" 11 | repo: "codefresh-contrib/gitops-secrets-sample-app" 12 | revision: '${{CF_REVISION}}' 13 | stage: "clone" 14 | lint: 15 | title: "Linting" 16 | type: "freestyle" 17 | image: "golangci/golangci-lint" 18 | working_directory: "${{clone}}" 19 | fail_fast: false 20 | commands: 21 | - "golangci-lint run -v" 22 | environment: 23 | - GOPATH=/codefresh/volume/go 24 | - CGO_ENABLED=0 25 | stage: "test" 26 | build: 27 | title: "Building Docker image" 28 | type: "build" 29 | image_name: "kostiscodefresh/gitops-secrets-sample-app" 30 | working_directory: "${{clone}}" 31 | tags: 32 | - "latest" 33 | - '${{CF_SHORT_REVISION}}' 34 | dockerfile: "Dockerfile" 35 | stage: "build" 36 | registry: dockerhub 37 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/codefresh-contrib/gitops-secrets-sample-app 2 | 3 | go 1.13 4 | 5 | require ( 6 | github.com/smartystreets/goconvey v1.6.4 // indirect 7 | gopkg.in/ini.v1 v1.62.0 8 | ) 9 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= 2 | github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 3 | github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= 4 | github.com/jtolds/gls v4.20.0+incompatible/go.mod 
h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= 5 | github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= 6 | github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= 7 | github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= 8 | github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= 9 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 10 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 11 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 12 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 13 | golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 14 | gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU= 15 | gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= 16 | -------------------------------------------------------------------------------- /kubernetes-secrets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codefresh-contrib/gitops-secrets-sample-app/361d39be560955145f1c144849317362dc85fee0/kubernetes-secrets.png -------------------------------------------------------------------------------- /never-commit-to-git/decrypted/README.txt: -------------------------------------------------------------------------------- 1 | The whole point of this example is to use encrypted 2 | secrets in Git. 3 | 4 | Thus you should NEVER commit decrypted stuff in git. 5 | But just for demo purposes this directory contains 6 | the raw secrets for your convenience. 
This way you 7 | can compare what you see deployed in Kubernetes 8 | with the contents of this directory. 9 | 10 | In a real production application only the 11 | encrypted stuff MUST be committed in Git (see 12 | the manifests folder). 13 | -------------------------------------------------------------------------------- /never-commit-to-git/decrypted/key.private: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICWgIBAAKBgGiKwkbJphr0ycbQIpuGpeFbikKzOhqTl1nzAljBoXv8SMDU3mYn 3 | 1GzdychEt7ytRAlZ0bqNlgU2PgyNHR4GpMhZAlcL7hiiMIntrSgNXVqLpRCPUP1e 4 | 3y+lxF1z7Jg6MBW0v+iUo+wfzRKy0pj7o9aL4EZCWIOES0v5LdR6eMvRAgMBAAEC 5 | gYAp3qlAwLKOSUwnHGU/9QWq5IbTgATdcA9GL1XZRnPuvHRHBvqr33fswkd2tk8A 6 | ekStmhOtq9dR7w+a50mqJO8J63fUN0X4opssDCHrhhyGkdZV/cYp8vJXLOjOsczy 7 | kv6bETD3FBDdwdga3zKadspgyYNPw4D/If5kPVmobfqvgQJBAK//Hi3Ya0vLqKKP 8 | VVUt/nFs3PZLD2f0w3dITWSOubZt6mlklVXu/7HJDaEeoAEacf8vuwOUYwF7H2F3 9 | d8YuljUCQQCYEGlUbWDKEWgMo2e/NO6SQI1JUbHL4dGzDJufDZ3pGfdU6hu4WSX8 10 | WqjZtKiZbSbfMzksqCsX3XSmtrIlKWKtAkA/FB/77IJgUykowliiQ+7bNlpnx/VI 11 | nBhmqzpZ3THAqdqHVa6UcymfzeCdq71LR/Attyy/FrL5d+iCZXA/Trk1AkBmvL/N 12 | MNDx9OytjUEs6CA/Y6mRXcaYDwvUwrHpthN4R/jYwArWdDS72Ky32d0HO73FkyAP 13 | 0da7mv2THWAix2FJAkBiFz5SPev1IEktiz12oC6xMcd6agr97U3xxqKDAFpO4tKh 14 | 3QFpK3CRweZbTok5hZ5vychoEyXKxCdKDp71i6XS 15 | -----END RSA PRIVATE KEY----- -------------------------------------------------------------------------------- /never-commit-to-git/decrypted/key.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgGiKwkbJphr0ycbQIpuGpeFbikKz 3 | OhqTl1nzAljBoXv8SMDU3mYn1GzdychEt7ytRAlZ0bqNlgU2PgyNHR4GpMhZAlcL 4 | 7hiiMIntrSgNXVqLpRCPUP1e3y+lxF1z7Jg6MBW0v+iUo+wfzRKy0pj7o9aL4EZC 5 | WIOES0v5LdR6eMvRAgMBAAE= 6 | -----END PUBLIC KEY----- -------------------------------------------------------------------------------- 
/never-commit-to-git/decrypted/paypal.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC1TCCAb2gAwIBAgIJALMFDqjH7s4FMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV 3 | BAMTD3d3dy5leGFtcGxlLmNvbTAeFw0yMTA3MjIxMjQ1NTNaFw0zMTA3MjAxMjQ1 4 | NTNaMBoxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB 5 | BQADggEPADCCAQoCggEBAPNqg9rVEFcvvzbbJmWPxTT9v0Y/sARkS52ro2w4aIIO 6 | R7B0KfU4mZ3T1CA/KAq0hASL6OI4Z0UzLzZro6K3kfwhsZ7A6ltC6AUIYuw4x/UZ 7 | Fx0Ah6w1aSb0GLRcsVGLCcb000bJ1naRAcJV7vmIEFxSivpHWE1nSo+ZJWCYG4mo 8 | NEA3oN0x6nywkxMtG7KpwFmfTbzLeN7y+txxT6Dq9EzQyZgTNTBbBH7MC28xwCBf 9 | rvIIuQ2vjZB/NIJcEv9GWzVlJTg5pWDwT1B4b5gbZFZQ+Q+mCU0Ddm9bWIG/jneq 10 | eV3z2BdGJxKsTnOtofJ0QgkXzQOv8K/GNkKliKUXp28CAwEAAaMeMBwwGgYDVR0R 11 | BBMwEYIPd3d3LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQA6Wudvrmbi 12 | wX9cK9sBZRwuvseeib+kYokCu3HbVe+NypYvUZLjnADm9W6krztpcKOwiFrHm0YW 13 | R+MEoWLuLs59oiuOkebjtGuSyVDTMI9y/IxN0rnGhMmcpoxoICK9IO/TqIfQrSuv 14 | bJFKUFsPHrFuv6IbmGDM7yhzNSwily5eckXOq/a6AxJ2OpJGJDnNol0kKQqS4rTr 15 | nV39yV8Gi1P2jGuSlhaTnGcVz97yyok4avfW1Mk4nMPZQ5DK3bRAmZQKTFq9T9ag 16 | WHbHGIYpfr9knTrEJAA6XmNj8ZvlUU8D6VccOeFydpF5hl5p0aoDJkoNXgMy4pnM 17 | VgFfNv2nw3gL 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /never-commit-to-git/unsealed_secrets/db-creds.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: mysql-credentials 6 | data: 7 | connection: bXktZGItY29ubmVjdGlvbi5leGFtcGxlLmNvbTozMzA2 8 | password: bXlmYW5jeXBhc3N3b3Jk 9 | username: bXlmYW5jeXVzZXI= 10 | -------------------------------------------------------------------------------- /never-commit-to-git/unsealed_secrets/key-private.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: 
key-private 6 | data: 7 | key.private: 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 8 | 9 | 10 | -------------------------------------------------------------------------------- /never-commit-to-git/unsealed_secrets/key-public.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: key-public 6 | data: 7 | key.pub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTUFEQ0JpQUtCZ0dpS3drYkpwaHIweWNiUUlwdUdwZUZiaWtLegpPaHFUbDFuekFsakJvWHY4U01EVTNtWW4xR3pkeWNoRXQ3eXRSQWxaMGJxTmxnVTJQZ3lOSFI0R3BNaFpBbGNMCjdoaWlNSW50clNnTlhWcUxwUkNQVVAxZTN5K2x4RjF6N0pnNk1CVzB2K2lVbyt3ZnpSS3kwcGo3bzlhTDRFWkMKV0lPRVMwdjVMZFI2ZU12UkFnTUJBQUU9Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ== 8 | 9 | 10 | -------------------------------------------------------------------------------- /never-commit-to-git/unsealed_secrets/paypal-cert.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: paypal-cert 6 | data: 7 | paypal.crt: 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 8 | 9 | 10 | -------------------------------------------------------------------------------- /safe-to-commit/manifests/deployment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: gitops-secrets-deploy 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app: gitops-secrets-app 11 | template: 12 | metadata: 13 | labels: 14 | app: gitops-secrets-app 15 | spec: 16 | containers: 17 | - name: gitops-secrets-app 18 | image: docker.io/kostiscodefresh/gitops-secrets-sample-app:latest 19 | imagePullPolicy: Always 20 | ports: 21 | - containerPort: 8080 22 | volumeMounts: 23 | - name: mysql 24 | mountPath: "/secrets/mysql" 25 | readOnly: true 26 | - name: paypal 27 | mountPath: 
"/secrets/ssl" 28 | readOnly: true 29 | - name: sign-keys 30 | mountPath: "/secrets/sign/" 31 | readOnly: true 32 | livenessProbe: 33 | httpGet: 34 | path: /health 35 | port: 8080 36 | readinessProbe: 37 | httpGet: 38 | path: /health 39 | port: 8080 40 | volumes: 41 | - name: mysql 42 | secret: 43 | secretName: mysql-credentials 44 | - name: paypal 45 | secret: 46 | secretName: paypal-cert 47 | - name: sign-keys 48 | projected: 49 | sources: 50 | - secret: 51 | name: key-private 52 | - secret: 53 | name: key-public 54 | -------------------------------------------------------------------------------- /safe-to-commit/manifests/service.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: gitops-secrets-service 5 | spec: 6 | type: LoadBalancer 7 | selector: 8 | app: gitops-secrets-app 9 | ports: 10 | - protocol: TCP 11 | port: 80 12 | targetPort: 8080 -------------------------------------------------------------------------------- /safe-to-commit/sealed_secrets/db-creds.json: -------------------------------------------------------------------------------- 1 | { 2 | "kind": "SealedSecret", 3 | "apiVersion": "bitnami.com/v1alpha1", 4 | "metadata": { 5 | "name": "mysql-credentials", 6 | "namespace": "git-secrets", 7 | "creationTimestamp": null 8 | }, 9 | "spec": { 10 | "template": { 11 | "metadata": { 12 | "name": "mysql-credentials", 13 | "namespace": "git-secrets", 14 | "creationTimestamp": null 15 | }, 16 | "type": "Opaque", 17 | "data": null 18 | }, 19 | "encryptedData": { 20 | "connection": "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", 21 | "password": "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", 22 | "username": "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" 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /safe-to-commit/sealed_secrets/key-private.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "kind": "SealedSecret", 3 | "apiVersion": "bitnami.com/v1alpha1", 4 | "metadata": { 5 | "name": "key-private", 6 | "namespace": "git-secrets", 7 | "creationTimestamp": null 8 | }, 9 | "spec": { 10 | "template": { 11 | "metadata": { 12 | "name": "key-private", 13 | "namespace": "git-secrets", 14 | "creationTimestamp": null 15 | }, 16 | "type": "Opaque", 17 | "data": null 18 | }, 19 | "encryptedData": { 20 | "key.private": "AgCgxWHJSF7jw/7Oik3v0IFje/XPw3quzhVSolvqC9CLISvGDUOZPkdR2Ywj3dKJ6e+j+Pb5E+4SGL7XTLWxehBbGr4Ztj6h5ExcC+Nf0auDwmBunrOx7qZwDRitYbpDG5FLr4v26C30/LEdcDKI/aKb47DlQ5eilKz67BellJOq+/Nd5C4HxTwGNiwHKE9GIX4yKol6Zt5WSRSyqu1qlCwRNjqOvBH2eksi6+2+5jpFP8bKauLIVwUeFpKsc9+8bzjdbgOrC7vSZSPJgQlaqOa7xrMM7L3g/Ly2DtMw9/i80KKNTauwWB9MDEnyEsUJId6Mkyb7rR1W/dK2gaRC9wl7Vusko2P5rItslXl03vl3zE3U/E1o9rZF9eWkenJ2KVcboee4bMmQ3vFsAqNKMZDgVcOrXoZ8pFTmoRuw8NLJdsRrj2SDkZpduI0X9IZwe7/0mmAYF8E2XPinHl0lVhKOSatPGz7sN0VCZ82DH8cbJ3qxhZE+ZT8uMuevqpRjEEbetL4XUYQhTUjKMwF1vah6zGKf0eAg2WnRPHN7AFP36f7TsbRrgx3glP5/wQH7hhTZiGJv2nRVqn0dTX8VMNzQAFLalfUXqnAwrRpy47Oih6Gq98cb6LxLrfQwlEaVBNliqR4m3EsOM6nFoFugXUZjd/sqw3AXFhZ9zxLBRPcOC+srSWBfK9yu5lBl9NVHZWlT4kSF0KQ3xoUFo+agS4IIHkwZT75XumLwPWtXe/O+sCiO12z/DfgE/mkcNvIUWxG0HMePcmb9RqgMP1o7UKG3EV6DZg+ELHzeEYQZ2eiq3p/6QEXnkg4XYygziAgWlpQr0zSDWtgJT4oY9O2LNaK8eHmIb5r7PkdHyMbrLVSnudw2I9/3yIJ53z+NMxrLoMneb1bfovzkksCaA8+/AR9lCLQGw9Nc2/cIzvnOt8pgULX9y3G5SzCaVSXHDhpS/Dl46Dy8Ou4Fjyk4IDytx3MpV8p/oXdviR2kVq+jVf/2oDObspl4CdLPTL0Nj5Cukk5jx7ZB5bSM4tmXYudcuyuHAIwv+ww0o3T8L3ZYGSu0Dcsje7dfuI08b42KJmu5YdkiiAdTwePfCnafihbq9kHpiQbZt8qReFo/fUFauIFV0mUiME82pKWgeUUh1ESkWd8lKf8KnFCE3VgxEoloDVHoTDrQLPJD0qDh1yRCTyHm4EkUdn8iIjrUB8eyyr+EO7U5nJskijwWa0r0jzGq2cv/GUBsTflbIIxpw409Lmbf7whqOR2mkFFlx2xijBDqO335anypf10TXJD/gcD5E+KG3yij6P4g6l8Iiol0rrVwkfoSNa7LW9MG/Dvk5CXd2K1Fhn0SkGbWLQXNuLA63f5RakFomO0JKukGdWp8/ssIuuvLmJbFAPIyAgWnXnnsIRriWjkXEruTOs6/DDp45K5Af/YX8JgUxx4jG72Ch20rkv7KWleGs30mcpVArVH89ptrywydSEU
gUIN/8ckRGxkVg6104iFrs8OEzHBrUqrNBHHx3UD71GFCqJnjRyViLVhraqVsLlN+UD5pdJhRAx67+FIlC25owmPSuuSEDkhYa26P49hEG9RRUk0RzPnjkpKDG8VUCi1m8fVNU0yPxvP9qpQqz1KKrwTY7eFh7+DKZf3S5f6MHOXZPGklpBYj1pXOH5ZYdywfy0cuKx5GvxrSA5/Stu+r4xZLPJX61otyWI8WvWdpTcv2ag0UEeGeu5nrm6L/S7LvFoZg/faE1OHbuzoSanwzRo95gyJsCRYEYzVTvoIDlYisUtH6oi69uGps91KDYDsiuUcfogL7bbHC9J3us3Ez8I4mF3OjHw4/p1b7v/e25c9pAsJbqm9ghdsdQUPi3Y539huAHX93rgn3gG0=" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /safe-to-commit/sealed_secrets/key-public.json: -------------------------------------------------------------------------------- 1 | { 2 | "kind": "SealedSecret", 3 | "apiVersion": "bitnami.com/v1alpha1", 4 | "metadata": { 5 | "name": "key-public", 6 | "namespace": "git-secrets", 7 | "creationTimestamp": null 8 | }, 9 | "spec": { 10 | "template": { 11 | "metadata": { 12 | "name": "key-public", 13 | "namespace": "git-secrets", 14 | "creationTimestamp": null 15 | }, 16 | "type": "Opaque", 17 | "data": null 18 | }, 19 | "encryptedData": { 20 | "key.pub": 
"AgBgaWsin5wA7VneWAup7EHyF/xf7Hn/A325TRuRn07OAGo7GYK6tzNwcHWOq517jstyWt9E0Q+s4zybPbMPollSaQJhEtWJ3JGModN9lEbCXR+TthPPg9A5SklfL6Wfs1Wt3rz+Ctp6Bjj8coqYyvUSL71slUr8O950Bd/E04WDIMOlVZPL0xP23Q/lel45Y6ByPMbJ/biqnnlELNJFrBqxEpHnCum1jgOc/eDfa4gUTdEpwEd7uqWUATO+EzLTGGl5dzNOb14GbdHOQt304u+U6FXYCclX2GGlKeJ1beOuXj7E6y9P2Jf11SXAksrc0C7Jbvzi1+MIgTPtWbd3ET1FDcLPCmyVmGvkyidNphIUBd+D/hsr9hbbSk4DFNjlog8zRY78Rv3Xky1aIpt3hC/4YWJxOlyGRH5X2sGLyXQEopuSu5zyWifSP3ihN71dyz3oI02JS6Ttvwdg5kD3Y70rYfHWuDPgbUiXUJEvdus8A8RCf4NLXVyzNRXrbUtPqXcrB5sdgmqfnt/be0XvHfmvLA+4eQIyQEP8L7i4thqZoi0guCp8lr/b1x1vgQXJdgILVXKMuvXVK1bXfq09fNtzaqTFGk112SiDSEzcWggv1K6p48yZIZ63Aw+sItmFPavsRYfECpUU7rYIuab9Vw21Y6dbEbs6ewm0+ynADbslxOD6sa2vvJRdrz6FWGClYoHuxw/USP9FESWL9Ym/69dQ4ReSG0O1QVdyW7ETj870JvG4BvTdnB4Zwhl8epeMvdB59EU+50tNvqY56FhtFuGXLLWHbY2hw1OqkaIM2q6Q9OuB4oEhepp/xptVJWfkFdEvMcyEBoMsjyXndldcsbRCFuVchsw1SMUdwl+UkxLICFuCR0XO2nn43oHNryD0pFj2PPily1A8K01J8MfD2jG1KpCUIWjM5A53Qco4jTWxiWdM4GZ32He9/uwcQJ/1eoSAYD/LYUVKU6PxiwF5l3hIG0C+ShX5/U7rQYrVduON4EHJ9NwTa9NbUbrUuMFeHQsmF6yNon4M7s5W/eZbqaKhzCs/jsue9W3NsQLC/XQG" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /safe-to-commit/sealed_secrets/paypal-cert.json: -------------------------------------------------------------------------------- 1 | { 2 | "kind": "SealedSecret", 3 | "apiVersion": "bitnami.com/v1alpha1", 4 | "metadata": { 5 | "name": "paypal-cert", 6 | "namespace": "git-secrets", 7 | "creationTimestamp": null 8 | }, 9 | "spec": { 10 | "template": { 11 | "metadata": { 12 | "name": "paypal-cert", 13 | "namespace": "git-secrets", 14 | "creationTimestamp": null 15 | }, 16 | "type": "Opaque", 17 | "data": null 18 | }, 19 | "encryptedData": { 20 | "paypal.crt": 
"AgCXcCPkGZP9HHak+c1073leqrF4jurDZyfVI9wHNp8rFidKMdnKWxX0Nk1X3GnJroh2IOH36DNLZNGjmuaNNR+ebgny7qz2v6ruzyBacjZJ5swhb75td508oOuxKvlnXFgul0RoMdg98r/u1CZxmuIsItlHImVARwAOVcSILRuKVWpWoya28OzOqfc9tUN7hV1wOF2OhcYigvEs6MFDNmPblRVZ6P+/CyIJthMOHCptYBCEbk8ldMppPNB0inkZ8F6A8j1Z8IlcXE96uWvsEG2nvPIw3Wk+fJrWnj1TmxvNhp4OmdoGrW+nPc7R8AxkuFjcKPlOHe9ILmwAJwixzI0XUMMZZ0P0TI7QwXlf333au3i9VxW3Ef4MCqfNCoPanhG0kwlhZ7F8AkMJ1JOybwbLynIEdLym7SABd3pnFiTmUZCkXckHaogYqAlZisUpZsJEjGRk0XDk8QBJKzVzO7q2azO7kn8kUCa0z5MQbo152NWpZ/XvMM45ls3Usoh2OBNjCU+jZhR/CE7iZ/1AcIkEfjUAxi+6HlSlEFCK+WOfte25px40bD35okGGPkXHsDIO1XyB55MUiEB+zM/oanLfkk6+ysQ2wpm5CwLAdrDZYH3w8YtUTknnS1APmhoc5U7ZeiPJx6X4mEiM0lgjprwQjh29+cSfNJNCvoDxXw2LGb433WCX3QbiANzCaoiFeH3Xtho6ipHQEA/XtdhIqrSqF/4XOs8i2m6kRP/sKbALoyd15rBOCFKlDvo4ZNI8yr6T8SABztb1FtDOFlNjvcF42tX2L/lC5HqXV66Av2JNK9AS22+oq1GwEyZmjgot8orozqUhbzqpwBbB+ftytq8o2xsd+oxg7TaxU+BUANp3GUTlCVEAuqc3Nw2UZJqpSejkg+/p0unUnzcIoD4VvJ0fFy/kq92TNlmbbWJ96zUX22dIqakzor57/84uc7F5g7AYdfZiHazP9ipyjA6PnWi4HSROpJBPaH5ZgMSGYUfF/2S+lY66E2vce/bIM0qmq7XFrO69BAMEMup4tb3u5reeSg+GSYLczMYHAbX2uAwtGlXaSnuVBBEyaHmaT3j4AaPelezxp+v7dWtKb86I+xWL2+lY2mdPXVbwZwY5XqNwYkf4N4F7Q4SBW2MWnAmgLuSbpzK5Hl5ZQ4ESngnl1jlIzbUvQYxxs5AYuHF/e9lCJ4/S6oP01Pkw4rmvtZOWpoAwTR6uJBzRSRRvZeKiCv1A9Ldf0Bp2X080zIP/Qe7SWIA52PJqp2Dt+vHA+Tqk0/IIw3gSArqCH9qbjARJe8lYYuf15i9oPNFixApR2bXEvHc+Nd90dklMYmOHVn5r0/ISgKykg9fN0wdIXc4dNHSjkTK2SNljsbgR26l1ilpG6+3EfawMsdTD1MjZrHCPGo8stksb3j1RfmcjK6LgTjh6/IAuC5fYjIy6b5lba+sWOO7amG/kMzrbXC0PPZtXYBED7kiu6T4F1TyQ+oVhjAaNnW1THMf2pUXYbrHCLAKd5YX/mtHpde8Fi096JqPP8ZhfAfjP4655vQyjTHVuwQ8Jz3MwCgHPoR97iwfud4HWQJbFAzROfb5t9HhWDPfcjkNbgQs4b8GQUhYJoSE/PnlyLlT74AMkFEvdYVSZtmxxHkhoQxW4ff2ZbWKsEv3coE9L3EOwaiJKu4DpfBvl4gjUdy8sLjpqrmD9fs97bxEN5IYtbWfPAky1G9eo4BbDeoacncj5TfsbGR+rLbOLHgUIULStNhHCOIJD8mKhwCNATiEziFegg9cV2H5W2AJz8XnA+lIthfCBnwmX3p5QFoJIVF+TIfkzlpI3XCjq4uRPfhvshq+UpHz/dkPKS1PdWssIVz48Dlpj/NLYFBW8nxnwQHoWMxvI42jUN7USWNcdnEr7IJUgxuRW9bxEZTdvEA1XUxBFC/kuD2s9MRC4EgRiHHQBtkx10cGlN93ZOBap0AAYu7RQp7BLNe4x6Fp+1xhuSdJsK63R4F1
+1UYIHP3+IZIMYClIqbGFtYjSBDvddNL1ZSpKFYKDPJ5D+aYQqrKOWclWgzCTuC98MqqVIMAget/YPQyIawyIHy4RgQbRs5b2" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /settings.ini: -------------------------------------------------------------------------------- 1 | # possible values : production, development, staging, qa 2 | app_mode = development 3 | 4 | [security] 5 | # Path to key pair 6 | private_key = /secrets/sign/key.private 7 | public_key= /secrets/sign/key.pub 8 | 9 | [paypal] 10 | paypal_url = https://development.paypal.example.com 11 | paypal_cert=/secrets/ssl/paypal.crt 12 | 13 | [mysql] 14 | db_con= /secrets/mysql/connection 15 | db_user = /secrets/mysql/username 16 | db_password = /secrets/mysql/password 17 | 18 | -------------------------------------------------------------------------------- /simple-web-server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "io/ioutil" 6 | "net/http" 7 | 8 | "gopkg.in/ini.v1" 9 | ) 10 | 11 | type configurationListHandler struct { 12 | appMode string 13 | privateKeyPath string 14 | publicKeyPath string 15 | paypalURL string 16 | paypalCertPath string 17 | dbCon string 18 | dbUser string 19 | dbPassword string 20 | } 21 | 22 | func (h *configurationListHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { 23 | w.Header().Set("Content-Type", "text/html; charset=utf-8") 24 | fmt.Fprintf(w, "

I am a GO application running inside Kubernetes.

My properties are:

") 34 | 35 | fmt.Fprintf(w, "

Private Signing key

") 36 | fmt.Fprintf(w, "
 %s
", readFileToString(h.privateKeyPath)) 37 | 38 | fmt.Fprintf(w, "

Public Signing key

") 39 | fmt.Fprintf(w, "
 %s
", readFileToString(h.publicKeyPath)) 40 | 41 | fmt.Fprintf(w, "

Paypal cert

") 42 | fmt.Fprintf(w, "
 %s
", readFileToString(h.paypalCertPath)) 43 | 44 | fmt.Fprintf(w, "

Mysql URL

") 45 | fmt.Fprintf(w, "
 %s
", readFileToString(h.dbCon)) 46 | 47 | fmt.Fprintf(w, "

Mysql username

") 48 | fmt.Fprintf(w, "
 %s
", readFileToString(h.dbUser)) 49 | 50 | fmt.Fprintf(w, "

Mysql password

") 51 | fmt.Fprintf(w, "
 %s
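", readFileToString(h.dbPassword)) 52 | 53 | } 54 |

// healthHandler serves the /health endpoint registered in main and always
// answers with a plain "OK" line.
func healthHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "OK")
}

// main loads the settings file, copies the configured paths and values into a
// configurationListHandler, and serves it on port 8080 together with the
// /health endpoint.
func main() {
	cfg, err := ini.LooseLoad("/config/settings.ini", "settings.ini")
	if err != nil {
		// The previous code only printed this error and carried on, then
		// dereferenced cfg on the next line. After a failed load cfg is not
		// usable (presumably nil; confirm against the ini package), so stop
		// here with the original message and a non-zero exit status.
		panic(fmt.Sprintf("Failed to read configuration file: %v", err))
	}

	root := cfg.Section("")
	security := cfg.Section("security")
	paypal := cfg.Section("paypal")
	mysql := cfg.Section("mysql")

	fmt.Println("App Mode:", root.Key("app_mode").String())

	// Apart from appMode and paypalURL, these fields hold file paths, not the
	// secret values themselves; the files are read on every request.
	clh := configurationListHandler{
		appMode:        root.Key("app_mode").String(),
		privateKeyPath: security.Key("private_key").String(),
		publicKeyPath:  security.Key("public_key").String(),
		paypalURL:      paypal.Key("paypal_url").String(),
		paypalCertPath: paypal.Key("paypal_cert").String(),
		dbCon:          mysql.Key("db_con").String(),
		dbUser:         mysql.Key("db_user").String(),
		dbPassword:     mysql.Key("db_password").String(),
	}

	fmt.Println("Simple web server is starting now on port 8080...")

	// NOTE(review): the root handler writes the contents of every configured
	// secret file (private key, certificate, database credentials) into the
	// response, without authentication and without HTML escaping. That is the
	// point of this demo; remove or protect the route before reusing the code
	// with real secrets.
	http.Handle("/", &clh)
	http.HandleFunc("/health", healthHandler)

	// NOTE(review): http.ListenAndServe runs a server with no read or write
	// timeouts; a production service would configure an http.Server instead.
	if err := http.ListenAndServe(":8080", nil); err != nil {
		// Exit non-zero so the container runtime records the failed start
		// instead of a clean exit.
		panic(fmt.Sprintf("Failed to start server at port 8080: %v", err))
	}
}

// readFileToString returns the contents of filename as a string. When the
// file cannot be read it returns the text "Could not read " followed by
// filename instead of an error.
//
// The callers in this file write the result straight into an HTML response,
// so both the file contents and the path in the fallback message reach the
// client unescaped.
func readFileToString(filename string) string {
	data, err := ioutil.ReadFile(filename)
	if err != nil {
		return "Could not read " + filename
	}
	return string(data)
}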