Teleport Provider

This provider retrieves connection information from the Teleport client tool and transfers it to environment variables.

Introduced to automate tasks such as tsh login and export, this component eliminates the need for manual copy-paste commands like:

tsh app login --proxy=teleport.example.com my-app
export SSL_CERT_FILE=$(tsh app config --proxy=teleport.example.com -f=ca my-app)

Important

To use this provider, additional dependencies are needed. Please check the Teleport Support page for further information.

Configuration layout

TOML:

[[sources]]
name = "tsh"
type = "teleport"
proxy = "teleport.example.com"
cluster = "dev.example.com"
app = "my-app"

[[secrets]]
name = "HOST"
source = "tsh"
field = "uri"

[[secrets]]
name = "SSL_CERT_FILE"
source = "tsh"
field = "ca"
format = "path"

YAML:

sources:
  - name: tsh
    type: teleport
    proxy: teleport.example.com
    cluster: dev.example.com
    app: my-app

secrets:
  - name: HOST
    source: tsh
    field: uri
  - name: SSL_CERT_FILE
    source: tsh
    field: ca
    format: path

JSON:

{
  "sources": [
    {
      "name": "tsh",
      "type": "teleport",
      "proxy": "teleport.example.com",
      "cluster": "dev.example.com",
      "app": "my-app"
    }
  ],
  "secrets": [
    {
      "name": "HOST",
      "source": "tsh",
      "field": "uri"
    },
    {
      "name": "SSL_CERT_FILE",
      "source": "tsh",
      "field": "ca",
      "format": "path"
    }
  ]
}

pyproject.toml:

[[tool.secrets-env.sources]]
name = "tsh"
type = "teleport"
proxy = "teleport.example.com"
cluster = "dev.example.com"
app = "my-app"

[[tool.secrets-env.secrets]]
name = "HOST"
source = "tsh"
field = "uri"

[[tool.secrets-env.secrets]]
name = "SSL_CERT_FILE"
source = "tsh"
field = "ca"
format = "path"

Source section

A field name marked (required) is a required parameter.

To retrieve connection information, it’s necessary to provide the application name. If the remaining parameters are left unspecified, Teleport will automatically populate them with default values.

app (required)

Application name to request connection information for.

proxy

Address of the Teleport proxy service.

cluster

Teleport cluster to connect to.

user

Teleport user name.

Secrets section

The configurations within the secrets section determine which items are to be output.

field

Specifies the item to output. One of:

uri

URI to the application.

ca

Certificate authority (CA) certificate used to verify the peer.

cert

Client certificate.

key

Private key.

cert+key

Bundle containing both client certificate and private key.

format

Determines the format in which certificates are output. The value is ignored when field is set to uri. One of:

path (default)

Path to the certificate file. Secrets.env will create a temporary file and set the environment variable to its path.

pem

Outputs text in PEM format.
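
A lint pass over the standard layout, written for this page as an added example (it is not secrets.env's own validation code): it checks the required app parameter and the documented field and format values, and resolves the effective format of each secret. The function name lint and the sample config, including its two deliberate mistakes, are constructed for illustration.

```python
import json

# Values documented on this page for the teleport provider.
FIELDS = {"uri", "ca", "cert", "key", "cert+key"}
FORMATS = {"path", "pem"}

# Constructed sample: the JSON layout from this page plus two deliberate mistakes.
SAMPLE = json.loads("""{
  "sources": [{"name": "tsh", "type": "teleport", "app": "my-app"},
              {"name": "broken", "type": "teleport"}],
  "secrets": [{"name": "HOST", "source": "tsh", "field": "uri", "format": "pem"},
              {"name": "SSL_CERT_FILE", "source": "tsh", "field": "ca"},
              {"name": "CLIENT_KEY", "source": "tsh", "field": "private-key"}]
}""")


def lint(config):
    """Return (plan, problems); plan maps secret name -> (field, effective format)."""
    plan, problems = {}, []
    teleport = set()
    for src in config.get("sources", []):
        if src.get("type") != "teleport":
            continue
        teleport.add(src.get("name"))
        if not src.get("app"):
            problems.append(f"source {src.get('name')!r}: 'app' is required")
    for sec in config.get("secrets", []):
        if sec.get("source") not in teleport:
            continue  # secret belongs to another provider
        name, field = sec.get("name"), sec.get("field")
        fmt = sec.get("format", "path")  # "path" is the documented default
        if field not in FIELDS:
            problems.append(f"secret {name!r}: unknown field {field!r}")
        elif field == "uri":
            plan[name] = (field, None)  # format is ignored for uri
        elif fmt not in FORMATS:
            problems.append(f"secret {name!r}: unknown format {fmt!r}")
        else:
            plan[name] = (field, fmt)
    return plan, problems


if __name__ == "__main__":
    plan, problems = lint(SAMPLE)
    print(plan)
    print(*problems, sep="\n")
```
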

Simplified layout

When utilizing this provider with simplified configuration, the string value will be interpreted as field, and the default format will be applied:

TOML:

[source]
type = "teleport"
proxy = "teleport.example.com"
cluster = "dev.example.com"
app = "my-app"

[secrets]
HOST = "uri"
SSL_CERT_FILE = "ca"

YAML:

source:
  type: teleport
  proxy: teleport.example.com
  cluster: dev.example.com
  app: my-app

secrets:
  HOST: uri
  SSL_CERT_FILE: ca