Variables and Secrets
Expose K2K metrics.
Found an issue? Feed it back to us at Github, on Slack, Ask Marios or email.
To execute K2K, you must agree to the EULA and secure a free license.
Accept the EULA by setting license.acceptEula to true .
Secure a free license by:
emailing [email protected] to receive a token within seconds
setting
license.tokenwith the received token
The K2K configuration file supports variable substitution to allow for the injection of values from external sources at runtime. This capability is primarily used for providing sensitive data, such as passwords or authentication tokens, without hard-coding them in the configuration file. All variable substitutions are processed in memory when the application loads the configuration; the YAML file on disk is never modified.
Syntax
Variables must conform to the following syntax:
${loader:mapper(s):VARIABLE_NAME}The loader: and mapper(s): components are optional.
Components
loader (Optional)
Determines the source from which the variable's value is loaded. If unspecified, it defaults to env. Supported loaders are:
env: Reads the value from a system environment variable.file: Reads the raw content from a file at the specified path.
mapper(s) (Optional)
One or more optional, colon-separated transformation functions applied sequentially to the loaded value. Supported mappers are:
base64: Decodes a Base64-encoded string into its raw format.number: Casts a string value into a numeric type. This is required for configuration fields that expect numbers rather than strings.raw: Signals that the string should be added as is. No attempt will be made to put quotes around the value or escape any characters.string: Value will be included as a quoted string. Any new lines or quotes will be escaped.
VARIABLE_NAME (Required)
The name of the environment variable or the absolute path to the file to be loaded.
Escaping
The K2K template substitution engine treats the sequence of characters ${ as the beginning of a variable definition. In some scenarios this may cause unexpected errors like in the one bellow:
key: "${value"
#k2k would fail to initialize since it expects ${value to be a variable
# but it cannot find the closing bracket.In order to solve this issue, K2K allows escaping of the $ character with another $. As such, the example above could be specified as:
key: "$${value"
#yields 'key: "${value"' Disabling variable substitution
The variable substitution behavior can be toggled on/off. In order to do so one can provide the following command line flag when starting K2K:
k2k start ... -g disabledExamples
The following table provides examples of common variable substitution patterns.
${SECRET_PASSWORD}
Reads the value of the environment variable named SECRET_PASSWORD. The env loader is used by default when no loader is explicitly defined.
${env:SECRET_PASSWORD}
Explicitly reads the value of the environment variable SECRET_PASSWORD.
${env:SECRET_PASSWORD}
Explicitly reads the value of the environment variable SECRET_PASSWORD. Value will be included unquoted and now attempt will be made at escaping special characters or newlines.
${env:base64:DB_PASSWORD_B64}
Reads the value of the environment variable DB_PASSWORD_B64 and subsequently applies a Base64 decoding transformation.
${env:number:PORT_NUMBER}
Reads the value of the environment variable PORT_NUMBER and casts the resulting string to a numeric type.
${file:/etc/k2k/certs/ca.crt}
Reads the entire content of the file at the specified path and substitutes it into the configuration value.
${file:base64:/etc/k2k/secrets/secret.b64}
Reads the content of the file at the specified path and then applies a Base64 decoding transformation.
Last updated
Was this helpful?