Teleport Provider¶
This provider retrieves connection information from the Teleport client tool and transfers it to environment variables.
Introduced to automate tasks such as tsh login
and export
, this component eliminates the need for manual copy-paste commands like:
tsh app login --proxy=teleport.example.com my-app
export SSL_CERT_FILE=$(tsh app config --proxy=teleport.example.com -f=ca my-app)
Important
To use this provider, additional dependencies are needed. Please check the Teleport Support page for further information.
Configuration layout¶
[[sources]]
name = "tsh"
type = "teleport"
proxy = "teleport.example.com"
cluster = "dev.example.com"
app = "my-app"
[[secrets]]
name = "HOST"
source = "tsh"
field = "uri"
[[secrets]]
name = "SSL_CERT_FILE"
source = "tsh"
field = "ca"
format = "path"
sources:
- name: tsh
type: teleport
proxy: teleport.example.com
cluster: dev.example.com
app: my-app
secrets:
- name: HOST
source: tsh
field: uri
- name: SSL_CERT_FILE
source: tsh
field: ca
format: path
{
"sources": [
{
"name": "tsh",
"type": "teleport",
"proxy": "teleport.example.com",
"cluster": "dev.example.com",
"app": "my-app"
}
],
"secrets": [
{
"name": "HOST",
"source": "tsh",
"field": "uri"
},
{
"name": "SSL_CERT_FILE",
"source": "tsh",
"field": "ca",
"format": "path"
}
]
}
[[tool.secrets-env.sources]]
name = "tsh"
type = "teleport"
proxy = "teleport.example.com"
cluster = "dev.example.com"
app = "my-app"
[[tool.secrets-env.secrets]]
name = "HOST"
source = "tsh"
field = "uri"
[[tool.secrets-env.secrets]]
name = "SSL_CERT_FILE"
source = "tsh"
field = "ca"
format = "path"
Source section¶
A field name followed by a bookmark icon (
) indicates that it is a required parameter.
To retrieve connection information, it’s necessary to provide the application name. If the remaining parameters are left unspecified, Teleport will automatically populate them with default values.
proxy
¶
Address to Teleport proxy service.
cluster
¶
Teleport cluster to connect.
user
¶
Teleport user name.
Secrets section¶
The configurations within the secrets
section determine which items are to be output.
format
¶
Determines the format in which certificates are outputted.
The value is ignored when field
is set to uri
, and could be:
path
defaultPath to the certificate file. Secrets.env will create a temporary file and set the environment variable to its path.
pem
Outputs text in PEM format.
Simplified layout¶
When utilizing this provider with simplified configuration, the string value will be interpreted as field
, and the default format will be applied:
[source]
type = "teleport"
proxy = "teleport.example.com"
cluster = "dev.example.com"
app = "my-app"
[secrets]
HOST = "uri"
SSL_CERT_FILE = "ca"
source:
type: teleport
proxy: teleport.example.com
cluster: dev.example.com
app: my-app
secrets:
HOST: uri
SSL_CERT_FILE: ca