Reading constants from a secrets service
1
Constants are initialized via either a yaml config or env variables. Is it possible to change constants at runtime, or pass constants dynamically during startup from a source other than env vars or yaml? My use case is, I don’t want to leave secrets anywhere on a filesystem a hacker can use to exploit the app I think that includes runtime args, as they are also “saved” on the filesystem in one’s shell history (~/.bash_history etc) or the process can be listed (“ps -ef | grep java”) and expose secrets. Ideally I want to read app constants/config from a secrets service like HashiCorp’s Vault
asked
Herman Geldenhuys
2 answers
0
Hi Herman,
With a Free App using Mendix Cloud you can´t change Environment Constants or any tweaks
https://docs.mendix.com/developerportal/deploy/mendix-cloud-deploy/
You can however, set up your Own Private Cloud ( Connected / Kubernete / Docker etc ) !
https://docs.mendix.com/developerportal/deploy/private-cloud-cluster/
Best regards!
answered
Alexandre Sepe
0
I asked the same question on Mendix Slack, and Knorrie van Kranenburg gave a few options as things stand now. Notably, to see if m2ee tools could be used as it has a method for passing configuration…
https://github.com/mendix/m2ee-tools/blob/develop/src/m2ee/client.py#L138
My challenge it would seem, is to customize the buildpack and m2ee tools for Cloud Foundry (VMWare Tanzu)
answered
Herman Geldenhuys