Tag Archives: spruce

Simple secure credentials into YAML with Vault and Spruce

We use YAML for configuration of many things – Concourse pipelines, BOSH deployments, Cloud Foundry applications, and more. And we continually want to be more secure with how we handle our secrets. Two tools can be used together to help: Hashicorp vault for storing secrets Geoff Franks spruce for merging vault secrets into YAML files.

What’s new in Spruce?

It’s been a while since we last blogged about spruce, and since then, a lot of things have changed. Here’s a quick summary of the spruce operators, and new features as of Spruce 1.4.2: play.spruce.cf Want a playground to easily experiment with spruce operators, or debug/track down/report a bug? Check out http://play.spruce.cf. Params The ((

Spruce, Vault, Concourse & You

BOSH makes a whole lot of tasks in the operations / systemsmanagement space way easier than ever before. Combine that with tools like Spruce and Genesis, and you have a really powerful paradigm for managing your deployments. Pair that with Concourse and it seems like the sky is the limit! Then you run into the

Pre-Flight Checks: Sprucing up Concourse with Test Concourse

As part of a project, a client wants to have a self-deploying Concourse. Basically that means that once everything is set up, the alpha Concourse will deploy the beta Concourse and, if that completes successfully, the beta Concourse will then update/deploy the alpha Concourse. Because automation is shiny. Current Goal Ensure that the the beta

Use Spruce with new BOSH releases

We’re liking Spruce more and more as a replacement for Spiff in our BOSH releases. Spruce is a general purpose CLI for merging multiple YAML files into a single YAML file. Its especially useful when you want to programmatically build the final YAML file; and where the final YAML file is huge and its easier

Introducing Spruce – A More Intuitive Spiff

If you’ve been in the BOSH/CloudFoundry community for more than 10 minutes, you’ve probably heard of, seen and even used spiff. But, if you haven’t heard of it, Spiff helps to make BOSH manifests easier to manage by merging smaller template files with environment specific template files to get the final manifest. Unfortunately, Spiff has

A spruce example: cf-secrets.yml

Let’s take an the cf-secrets.yml file from cf-boshworkspace, and see if we can convert it from a spiff based template to a spruce based template. The original file is pretty big, so for simpliticy’s sake, lets strip it down to just this: meta: admin_secret: (( merge || c1oudc0wc1oudc0w )) secret: (( merge || defaults.secret ))