Code 와 Config를 함께 관리하는 경우
-
raw string
aws: datasource: read: url: jdbc:mariadb://localhost:3306/cms username: root password: 1234 -
KMS Encryption ( + Base64 )
aws: datasource: read: url: AQICAHgUlbhbxpXionvxPoJJgyYMQHBa2i6Xc9bckpiy3ppp5AE134d2yJ7ojtKvrTfWx/FlAAAAfzB9BgkqhkiG9w0BBwagcDBuAgEAMGkGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM6xd/KnXqeqmYbwhjAgEQgDz+Vjk19lklU6t5T22t8AirkrxNeVSo2i94kHSYRqQJpxQdzbss3JPfbMRNMcvlVDb99xG2Dch2gaYfUlU= username: AQICAHgUlbhbxpXionvxPoJJgyYMQHBa2i6Xc9bckpiy3ppp5AFkJ4TL30VYS5K4zn1Y4mlOAAAAYTBfBgkqhkiG9w0BBwagUjBQAgEAMEsGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMgVGXYOlc/EFqyxU+AgEQgB6lBNcFTDKsKaVtB+3HvODI/uPc7P1QzvjCAwSRx1I= password: AQICAHgUlbhbxpXionvxPoJJgyYMQHBa2i6Xc9bckpiy3ppp5AEZuyzrVxwDzgFzmuctZaQ7AAAAYTBfBgkqhkiG9w0BBwagUjBQAgEAMEsGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMxhW8KbI9HmENmLrmAgEQgB4QgmB6cK5dVPr2xVVXjHr9SujbNK3MFYGOl3plqAk=
Config 일부 주요 정보를 별도로 보관 ( 대체로 Environment Variable 활용 )
-
Vault
-
Docker Swarm
-
Kubernetes ConfigMap
-
Github Action Secrets
-
AWS - Parameter Store (Free) / Secrets Manager ex) Github Action + Secrets Manager Github action yaml
- name: Get secrets by name and by ARN uses: aws-actions/aws-secretsmanager-get-secrets@v1 with: secret-ids: | exampleSecretName arn:aws:secretsmanager:us-east-2:123456789012:secret:test1-a1b2c3 0/test/secret /prod/example/secret SECRET_ALIAS_1,test/secret SECRET_ALIAS_2,arn:aws:secretsmanager:us-east-2:123456789012:secret:test2-a1b2c3Generated Environment Variables
EXAMPLESECRETNAME:secretValue1 TEST1:secretValue2 _0_TEST_SECRET:secretValue3 _PROD_EXAMPLE_SECRET:secretValue4 SECRET_ALIAS_1:secretValue5 SECRET_ALIAS_2:secretValue6cf) Spring 에서 환경변수에 접근하는 방법 ( application.yml )
aws: datasource: read: url: ${db_url} username: ${db_username} password: ${db_password}
Code와 Config를 분리하여 보관
-
고려사항
- Config Server 사용시 Service Discovery ( Server Provisioning )를 고려
- Dynamic Configuration 필요시 Event Driven Architecture를 고려
-
Case
- AWS Secrets Manager( json, yaml 형태로 저장 )
- Config Server
