Background
During a recent project I had the opportunity to enhance the way we can treat configuration file values in various (Go-based) integrations - YAML in this case, but it could be other formats such as JSON.
The idea is that you can use implied expansions; the currently supported set is detailed in ExpandString().
What does this mean? It means you can pull dynamic values into config files, depending on how and when they are used.
A ServiceNow integration (in cordial) does not yet support this, but I will be updating it to work with these changes.
Edit to above: Actually, these changes did get applied to the ServiceNow package, but only in HEAD and not yet in a tagged release.
Help Wanted
Right now the primary missing piece is encoded passwords. For obvious reasons many users don’t like the idea of plaintext passwords, so we normally reference an external file that is still plaintext but can be better protected against access and accidental viewing.
We already have a Geneos AES256 encoding scheme that uses a key-file to encode/decode “secure” passwords of the form “+encs+XXXX”. We document how to create the key-files and how to encode/decode if you have the key-file. I also have the Go code to support it right now; the core is committed to cordial but more is on the way. You will be able to create encoded key-files and encode passwords from the geneos command.
My immediate problem is how to put this into a configuration file that:
- Aligns with the syntax patterns in ExpandString() above
- Allows the user to implicitly or explicitly refer to a key-file
- Allows the user to provide the encoded password directly or via any of the styles in ExpandString
Imagine currently either of:
username: blahblahblah
password: supersecret
or
password: ${file:~/.pwfile}
Now, given a path to a key-file (or even two if we want to support the upcoming GA6.0.0 style previous/current system) and an encoded password, perhaps:
password: ${aes:KEYFILE:ENCPASSWORD}
However, I am really keen - and not just for aesthetic reasons - to avoid supporting any recursive lookups, so here AESFILE and PASSWORD could not themselves use the expansion syntax. Also, if there are two key files, what then?
Ideas, comments, questions please.
Peter
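
An added sketch, not part of the original post and not cordial's code: one way to parse the proposed ${aes:KEYFILE:ENCPASSWORD} form in Go so that both fields are taken literally and decoded output is never rescanned. The names AESRef, ParseAESRef and Expand are hypothetical, the decoder in main is a constructed stand-in for the Geneos AES routine, and splitting on the last colon assumes the encoded password never contains a colon.

```go
package main
import (
	"errors"
	"fmt"
	"strings"
)

// Hypothetical helpers (not cordial's API) for the proposed ${aes:KEYFILE:ENCPASSWORD} syntax.
type AESRef struct{ KeyFile, Encoded string }

// ParseAESRef takes both fields literally: a nested "${" is rejected, never expanded.
func ParseAESRef(tok string) (AESRef, error) {
	if !strings.HasPrefix(tok, "${aes:") || !strings.HasSuffix(tok, "}") {
		return AESRef{}, errors.New("malformed ${aes:...} reference")
	}
	body := tok[len("${aes:") : len(tok)-1]
	// Split on the LAST colon so a path like C:\keys\k.aes survives (assumes no colon in ENCPASSWORD).
	i := strings.LastIndex(body, ":")
	if strings.Contains(body, "${") || i <= 0 || i == len(body)-1 {
		return AESRef{}, errors.New("want ${aes:KEYFILE:ENCPASSWORD} with literal fields")
	}
	return AESRef{body[:i], body[i+1:]}, nil
}

// Expand makes one left-to-right pass; decoded text is appended and never rescanned.
func Expand(value string, decode func(AESRef) (string, error)) (string, error) {
	var out strings.Builder
	for {
		start := strings.Index(value, "${aes:")
		if start < 0 {
			return out.String() + value, nil
		}
		end := strings.Index(value[start:], "}") // -1 if unterminated: the parse below then fails
		ref, err := ParseAESRef(value[start : start+end+1])
		if err != nil {
			return "", err
		}
		plain, err := decode(ref)
		if err != nil {
			return "", err
		}
		out.WriteString(value[:start] + plain)
		value = value[start+end+1:]
	}
}

func main() {
	dec := func(AESRef) (string, error) { return "${aes:k:+encs+FF}", nil } // constructed stand-in decoder
	fmt.Println(Expand("password: ${aes:~/.keyfile:+encs+ABCD}", dec))
}
```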