Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Allow password (or any secret) to be set at run time after yaml config read

See original GitHub issue

Is your feature request related to a problem? Please describe.

Add a “setPassword” method to org.redisson.config.Config;

Motivation:

I’d like to configure everything EXCEPT the password in .yaml.

But allow a programatic setting of just the password after the .yaml config loads.

This way I can pull that “secret” out of a “vault” ( hashicorp vault, azure key vault, amazon aws kms, etc)…and set it at run time.

https://github.com/redisson/redisson/blob/fe25a7f956ecc388aa196e692b20c6fa92b438c1/redisson/src/main/java/org/redisson/config/BaseConfig.java#L145

Describe the solution you’d like

org.redisson.config.Config;

Since we do not have access to the “inner” objects

https://github.com/redisson/redisson/blob/master/redisson/src/main/java/org/redisson/config/Config.java#L48L56

( private SentinelServersConfig sentinelServersConfig;

private MasterSlaveServersConfig masterSlaveServersConfig;

private SingleServerConfig singleServerConfig;

private ClusterServersConfig clusterServersConfig;

private ReplicatedServersConfig replicatedServersConfig;)

provide a method on

org.redisson.config.Config;

for “setPassword”

that will allow the setting of the inner object (if available) (or throw exception if not available)

OR

if you want to do it “functionally”…create an overload

public Config(Config oldConf, String newPassword) { }

https://github.com/redisson/redisson/blob/master/redisson/src/main/java/org/redisson/config/Config.java#L110

Describe alternatives you’ve considered

No alternatives.

Below shows the idea:

` //import org.redisson.Redisson; //import org.redisson.api.RMapCache; //import org.redisson.api.RedissonClient; //import org.redisson.config.Config;

public static final String REDISSON_JCACHE_YAML = "/redisson-jcache.yaml";


        Config config = null;
        try {
            // YAML configuration
            URL redissonConfigUri = MyThing.class.getResource(REDISSON_JCACHE_YAML);

            if (null == redissonConfigUri) {
                throw new NullPointerException("My Message");
            }
            config = Config.fromYAML(redissonConfigUri);

            if (null == config) {
                throw new NullPointerException("My Other Message");
            }

            String myPassword = /* read from a vault here */;
            config.setPassword(myPassword);

        } catch (Exception ex) {
            throw new RuntimeException("Yet Another Explicit Message", ex);
        }
        RedissonClient client = Redisson.create(config);

`

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:6 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
avcadcommented, Feb 3, 2021

Not sure if it helps you, but we had a similar requirement. (using encrypted password) I load the redis_cfg.yaml file into a string first, do the substitutions and then use: Config.fromYAML( configInString ); You can have something in the file like password: !MYPASSWORD! and replace !MYPASSWORD! in the code before calling Config.fromYAML

1reaction
mrnikocommented, Feb 3, 2021

Since we do not have access to the “inner” objects

You have it:

config.useClusterServers();
config.useReplicatedServers();
config.useSentinelServers();
config.useSingleServer();

So you can change password like this:

SingleServerConfig c = config.useSingleServer();
c.setPassword(pass);
Read more comments on GitHub >

github_iconTop Results From Across the Web

Managing Secrets using Configuration File - Kubernetes
This field allows you to put a non-base64 encoded string directly into the Secret, and the string will be encoded for you when...
Read more >
Access YAML Configuration - JFrog
Once you have configured your YAML file to include all the configuration changes needed, you can apply them by following the steps using...
Read more >
Use secrets | Cloud Run Documentation
However, during runtime, if a secret is inaccessible, attempts to read the mounted ... the Google Cloud CLI, or a YAML file when...
Read more >
Handling secrets in your Ansible playbooks | Enable Sysadmin
Be sure to set appropriate permissions on the decryption password file so that only the user running the playbook can access it. Alternatively, ......
Read more >
Manage sensitive data with Docker secrets
When you grant a newly-created or running service access to a secret, the decrypted ... which represents the file to read the secret...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Can't execute SENTINEL commands on /192.168.28.129:63376

Next page

[Redis Cluster] RedisTimeoutException: Unable to acquire connection! Increase connection pool size