-
Notifications
You must be signed in to change notification settings - Fork 0
/
.envrc
108 lines (86 loc) · 4.39 KB
/
.envrc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
#! /usr/bin/env bash
# DO NOT WRITE SECRETS IN HERE
## milmove-db-test variables
export TEST_DB_HOST="localhost"
export TEST_DB_NAME="test_db"
export TEST_DB_USER="postgres"
export TEST_DB_PORT="5433"
export TEST_DB_PASSWORD="mysecretpassword"
export TEST_DB_URL="jdbc:postgresql://${TEST_DB_HOST}:${TEST_DB_PORT}/${TEST_DB_NAME}?user=${TEST_DB_USER}&password=${TEST_DB_PASSWORD}"
# Apache variables
export PROVIDER="org.apache.ws.security.components.crypto.Merlin"
export CLIENT_PROPS_FILE_PATH="src/main/resources/client_sign.properties"
required_vars=()
var_docs=()
# Declare an environment variable as required.
#
# require VAR_NAME "Documentation about how to define valid values"
require() {
required_vars+=("$1")
var_docs+=("$2")
}
# Check all variables declared as required. If any are missing, print a message and
# exit with a non-zero status.
check_required_variables() {
missing_var=false
for i in "${!required_vars[@]}"; do
var=${required_vars[i]}
if [[ -z "${!var:-}" ]]; then
log_status "${var} is not set: ${var_docs[i]}"
missing_var=true
fi
done
if [[ $missing_var == "true" ]]; then
log_error "Your environment is missing some variables!"
log_error "Set the above variables in .envrc.local and try again."
fi
}
#############################
# AWS VAULT SETTINGS #
#############################
export AWS_VAULT_KEYCHAIN_NAME=login
#############################
# Load Secrets from Chamber #
#############################
# Make Chamber read ~/.aws/config
export AWS_SDK_LOAD_CONFIG=1
# Make Chamber use the default AWS KMS key
export CHAMBER_KMS_KEY_ALIAS='alias/aws/ssm'
# Make Chamber use path based keys ('/' instead of '.')
export CHAMBER_USE_PATHS=1
# Sets the number of retries for chamber to 20.
export CHAMBER_RETRIES=20
# Loads secrets from chamber instead of requiring them to be listed in .envrc.local
if [ -e .envrc.chamber ]; then
# Loading secrets from Chamber can take a while. Prevent direnv from
# complaining.
export DIRENV_WARN_TIMEOUT="20s"
# Evaluate if the files have drifted
if ! cmp .envrc.chamber .envrc.chamber.template >/dev/null 2>&1; then
log_error "Your .envrc.chamber has drifted from .envrc.chamber.template. Please 'cp .envrc.chamber.template .envrc.chamber'"
fi
source_env .envrc.chamber
else
log_status "Want to load secrets from chamber? 'cp .envrc.chamber.template .envrc.chamber'"
fi
# Load Keypair Secrets
require TRDM_LAMBDA_MILMOVE_KEYPAIR_BASE64 "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read trdm-lambda-dev trdm_lambda_milmove_keypair_base64'"
require TRDM_LAMBDA_MILMOVE_KEYPAIR_KEY "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read trdm-lambda-dev trdm_lambda_milmove_keypair_key'"
require TRDM_LAMBDA_MILMOVE_KEYPAIR_ALIAS "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read trdm-lambda-dev trdm_lambda_milmove_keypair_alias'"
require TRDM_LAMBDA_MILMOVE_KEYPAIR_TYPE "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read trdm-lambda-dev trdm_lambda_milmove_keypair_type'"
require TRDM_LAMBDA_MILMOVE_KEYPAIR_FILEPATH "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read trdm-lambda-dev trdm_lambda_milmove_keypair_filepath'"
require SNS_TOPIC_ARN "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read trdm-lambda-dev sns_topic_arn'"
require TRDM_S3_BUCKET_NAME "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read trdm_s3_bucket_name'"
require TRDM_TRUSTSTORE_KEYSTORE "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read trdm_truststore_keystore'"
require SNS_FORCE_PUBLISH "See 'DISABLE_AWS_VAULT_WRAPPER=1 AWS_REGION=us-gov-west-1 aws-vault exec transcom-gov-dev -- chamber read sns_force_publish'"
##############################################
# Load Local Overrides and Check Environment #
##############################################
# Load a local overrides file. Any changes you want to make for your local
# environment should live in that file.
if [ -e .envrc.local ]
then
source_env .envrc.local
fi
# Check that all required environment variables are set
check_required_variables