Plugin that registers a placeholder?

Hi! I am thinking of developing a plugin for Caddy to read secrets via systemd-creds. For example {systemd-creds.foo} (in a Caddyfile) should be replaced by the content of the credential with ID “foo”. In order to do that, my plugin would have to register the new placeholder “systemd-creds”, but I did not find any API to achieve this.

Is there such an API? Could you please point me at some example code, e.g., a plugin that does this or similar things? Thanks!

It’s not possible to add global replacements (because there would need to be somewhere in the config which loads modules globally, but that’s not a thing).

But you can add things to the replacer in HTTP routes. You can grab the replacer with:

repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)

And you can call repl.Map() to add a closure which handles whatever placeholders you want.

But those placeholders will only be available in HTTP routes (after the replacer is augmented), and not for global options or config for other things like storage or TLS, etc.
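The closure described above, sketched for the {systemd-creds.*} case from the question; this is an added example, not part of the original posts or Caddy's own code. It uses only the standard library: the returned function has the `func(key string) (any, bool)` shape that repl.Map() takes, and it assumes credentials are files named by ID under $CREDENTIALS_DIRECTORY, as systemd passes them to a service. The names `credsReplacer` and `credsPrefix` are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

const credsPrefix = "systemd-creds." // placeholder namespace proposed in the question

// credsReplacer returns a closure shaped like the one repl.Map() accepts.
// It resolves "systemd-creds.<id>" to the content of <dir>/<id> and nothing
// else, so a placeholder can never be steered to a file outside dir.
func credsReplacer(dir string) func(key string) (any, bool) {
	return func(key string) (any, bool) {
		if dir == "" || !strings.HasPrefix(key, credsPrefix) {
			return nil, false // not our placeholder, or no credentials were passed
		}
		id := strings.TrimPrefix(key, credsPrefix)
		// The ID must be one plain file name: no separators, no "." or "..".
		if id == "" || id == "." || id == ".." || strings.ContainsAny(id, `/\`) {
			return nil, false
		}
		data, err := os.ReadFile(filepath.Join(dir, id))
		if err != nil {
			return nil, false // unknown credential: placeholder stays unresolved
		}
		// Assumption: a trailing newline is not part of the secret.
		return strings.TrimRight(string(data), "\r\n"), true
	}
}

func main() {
	// Constructed sample: a temp directory stands in for $CREDENTIALS_DIRECTORY.
	dir, err := os.MkdirTemp("", "creds")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "foo"), []byte("s3cret\n"), 0o400)

	lookup := credsReplacer(dir) // in a service: os.Getenv("CREDENTIALS_DIRECTORY")
	for _, key := range []string{"systemd-creds.foo", "systemd-creds.../etc/passwd", "http.request.uri"} {
		val, ok := lookup(key)
		fmt.Printf("%-30s -> %v %v\n", key, val, ok)
	}
}
```

In a Caddy HTTP handler, the returned closure would be passed to repl.Map() on the replacer obtained from the request context; as stated above, it then applies only to HTTP routes.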

The globalDefaultReplacements() function is currently not extensible, but maybe it should be. @francislavoie What if I add a method to register global placeholders? Would that be useful beyond a few niche things?

@matt we should finish making a decision on replacer: Implement `file.*` global replacements by francislavoie · Pull Request #5463 · caddyserver/caddy · GitHub before going down that path. I have concerns.

> It’s not possible to add global replacements

Hmm okay. Maybe consider adding this in the future. @matt seems to hint that it would be possible to implement.

> But those placeholders will only be available in HTTP routes (after the replacer is augmented), and not for global options or config for other things like storage or TLS, etc.

My motivation is to use this for configuring TLS …

> we should finish making a decision on caddyserver/caddy#5463 before going down that path. I have concerns.

Note that while my question is related, what I want to do cannot be achieved with {file.*}. This new directive being discussed is only useful if the path to read is known statically. It’d be nice to allow community members that are not as concerned to develop plugins with the same power outside of Caddy’s main tree. In my case, the servers run on an internal network only (my responsibility) and I would not want to execute arbitrary commands or read arbitrary files but systemd-creds only. Let me shoot myself in the foot if I want to.
