No support for symlinking about summon HOT 5 CLOSED

One possible implementation would be to create a file instead of set an environment variable when the key is a quoted path instead of a constant.

For example:

secrets.yml

---
"~/.ssh/id_rsa": !var:file ryan/ssh/private

This could either create the file in /tmp and a symlink, or actually create the file in the target location with no symlink.

from summon.

why would you symlink when you can use /dev/shm instead? symlinking opens you up to placing files in insecure places.

from summon.

In my case there are services that need secrets to be in specific file locations that I cannot change. I want to use Summon to fetch them and make them accessible from that unchangeable path.

By using a symlink to the /dev/shm file that Summon populates, as soon as the Summon process terminates, that symlink points to a non-existent file (which is a good thing in my case - I don't want the secret to persist after the process terminates).

As I understand it, this still potentially exposes that secret after the process finishes if there's an open file descriptor to that symlink, but this is still better behavior than simply writing the secret to a file, which would persist after the Summon process terminates unless I explicitly delete it.

from summon.

Hi @jepperson2 We just added examples for adding symlinks in 201. It looks to be similar to what you are doing.

from summon.

Closing this issue as it is a duplicate of #190 .

from summon.