Vault configuration service provider

A HashiCorp Vault service provider for the Ruby configuration service API defined by ConfigurationService::Base from the configuration_service gem.

The provider is defined in ConfigurationService::Provider::Vault. It is registered against the ConfigurationService::ProviderRegistry with the identifier “vault”.

The provider’s fulfillment of the API is tested using the configuration_service gem’s declarative specification implemented with cucumber. This package includes an extension of ConfigurationService::Test::OrchestrationProvider called ConfigurationService::Test::VaultOrchestrationProvider, which is registered against the ConfigurationService::Test::OrchestrationProviderRegistry with the identifier “vault”.

Usage

Our main.rb (or config.ru or whatever) is simple:

require 'bundler'
Bundler.require(:default)

config_service = ConfigurationService::Factory::EnvironmentContext.create
config = config_service.request_configuration

$stderr.puts "Using configuration #{config.identifier}..."
acme_config = AcmeConfig.new(config.data)
acme_config.validate!
AcmeApplication.new(acme_config).run

We specify the configuration_service-provider-vault gem in the bundler Gemfile:

source 'https://rubygems.org'

gem 'configuration_service-provider-vault'
gem 'acme_application'

Then we use the process environment to configure the configuration service factory:

CFGSRV_IDENTIFIER="acme" \
CFGSRV_TOKEN="0b2a80f4-54ce-45f4-8267-f6558fee64af" \
CFGSRV_PROVIDER="vault" \
CFGSRV_PROVIDER_ADDRESS="http://127.0.0.1:8200" \
bundle exec ruby main.rb

Note that main.rb is completely decoupled from the selection of provider and provider configuration. We could swap out the Vault provider for some other provider by manipulating only the Gemfile and the environment.

Ruby support

The following are the minimum versions of Ruby tested to work:

  • MRI ruby-2.0.0 with openssl-1.0.1d or later

  • jruby-9.0.0.0 with jruby-openssl-0.9.7

At the time of writing, some Linux distributions, OS X, and several old binary rubies used by rvm link Ruby against a version of openssl that is too old.
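
A pre-flight check for the CFGSRV_* environment shown under Usage and for the MRI OpenSSL minimum listed above, as an added example that is not part of the gem or its README. The `preflight` and `loopback_host?` helpers, and the rule that plain `http` is accepted only for loopback addresses, are assumptions of this example; a Vault token is a bearer credential, so an `http` address on a remote host sends it in cleartext.

```ruby
require 'ipaddr'
require 'openssl'
require 'uri'

# Variables the Usage section sets for the configuration service factory.
REQUIRED_VARS = %w[CFGSRV_IDENTIFIER CFGSRV_TOKEN CFGSRV_PROVIDER CFGSRV_PROVIDER_ADDRESS].freeze

# OPENSSL_VERSION_NUMBER encoding of 1.0.1d, the minimum the page lists for MRI.
MIN_OPENSSL = 0x1000104f

# True when host is "localhost" or a loopback IP literal (hypothetical helper).
def loopback_host?(host)
  return true if host == 'localhost'
  IPAddr.new(host).loopback?
rescue IPAddr::InvalidAddressError
  false
end

# Returns the problems found in env (empty array when clean). Hypothetical helper;
# the https-unless-loopback rule is this example's policy, not the gem's behaviour.
def preflight(env = ENV, openssl_version = OpenSSL::OPENSSL_VERSION_NUMBER)
  problems = REQUIRED_VARS.select { |k| env[k].to_s.empty? }.map { |k| "#{k} is not set" }

  address = env['CFGSRV_PROVIDER_ADDRESS'].to_s
  unless address.empty?
    begin
      uri = URI.parse(address)
      if !%w[http https].include?(uri.scheme) || uri.hostname.to_s.empty?
        problems << 'CFGSRV_PROVIDER_ADDRESS is not an http(s) URL'
      elsif uri.scheme == 'http' && !loopback_host?(uri.hostname)
        problems << 'CFGSRV_TOKEN would cross the network in cleartext (use https)'
      end
    rescue URI::InvalidURIError
      problems << 'CFGSRV_PROVIDER_ADDRESS is not a valid URL'
    end
  end

  problems << 'linked OpenSSL is older than 1.0.1d' if openssl_version < MIN_OPENSSL
  problems
end

if __FILE__ == $PROGRAM_NAME
  preflight.each { |problem| warn "preflight: #{problem}" }
end
```

Calling `preflight` before `ConfigurationService::Factory::EnvironmentContext.create` in main.rb reports these problems before any request carrying the token is made.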