locket 0.17.3

Helper tool for secret injection as a process dependency
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

# 1password Connect Provider

This provider is based on a [1password Connect](https://developer.1password.com/docs/connect/) backend. Requests for secrets are made via calls to the Connect REST API on your configured Connect host.

> [!NOTE]
> This provider requires a functioning and reachable 1password connect deployment. You cannot access `my.1password.com` using the Connect API

1. [Deploy a 1password Connect Server](https://developer.1password.com/docs/connect/get-started#step-2-deploy-a-1password-connect-server)
1. [Create an access token](https://developer.1password.com/docs/connect/manage-connect#create-a-token)
1. Configure locket with your reachable connect host URL, and your authentication token. [Configuration Reference](../inject.md#1password-connect)

```sh
locket inject --provider op-connect \
  --connect-token file:/path/to/token \
  --connect-host https://connect.example.com \
  --out /run/secrets/locket \
  --secret name={{op://Vault/Secret/Section/Item}}
  --secret /path/to/secrets.yaml \
  --secret auth_key=@key.pem \
  --map ./tpl:/run/secrets/locket/mapped 
```

## Example `locket inject` Configuration

```yaml
services:
  locket:
    image: ghcr.io/bpbradley/locket:connect
    user: "1000:1000"
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    container_name: locket-connect
    secrets:
      - connect_token
    volumes:
      - ./templates:/templates:ro
      - out-connect:/run/secrets/locket
    command: # Or use environment variables
      - "--connect-token=file:/run/secrets/connect_token"
      - "--connect-host=https://connect.example.com"
secrets:
  connect_token:
    file: /etc/tokens/connect
volumes:
  out-connect: { driver: local, driver_opts: { type: tmpfs, device: tmpfs, o: "uid=1000,gid=1000,mode=0700" } }
```

## Example Provider Configuration

```yaml
---
name: provider
services:
  locket:
    provider:
      type: locket
      options:
        provider: op-connect
        connect-token: file:/etc/connect/token
        connect-host: $OP_CONNECT_HOST
        secrets:
          - "secret1={{ op://Mordin/SecretPassword/Test Section/text }}"
          - "secret2={{ op://Mordin/SecretPassword/Test Section/date }}"
  demo:
    image: busybox
    user: "1000:1000"
    command: 
      - sh
      - -c
      - "env | grep LOCKET"
    depends_on:
      - locket

```