.novops.yml configuration schema
Novops uses .novops.yml to load secrets. This doc details how this file can be used for various use cases. You can use another config with novops [load|run] -c PATH, though this doc will refer to .novops.yml as the config file.
See full .novops.yml schema for all available configurations.
Configuration path precedence
Novops will load configuration in this order:
- -c or --config CLI flag if provided
- .novops.yaml in current directory
- .novops.yml in current directory
- Fail as no config can be found
Configuration: Environments, Modules, Inputs and Outputs
.novops.yml defines:
- Environments for which secrets can be loaded
- Environments define Inputs (files, variables, aws...)
- Inputs are resolved into Environment Variables and Files (and other Outputs constructed internally from files and variables)
- Inputs can also use other Inputs, such as a Hashicorp Vault hvault_kv2 Input used by a variable Input to resolve a secret into an environment variable (see below for example)
Example: environments dev and prod with inputs files, variables and hvault_kv2.
environments:
  # Environment name
  dev:
    # "variables" is a list of "variable" inputs for environment
    # Loading these inputs will result in environment variables outputs
    variables:
      # - name: environment variable name
      # - value: variable value, can be a plain string or another input
      - name: MY_APP_HOST
        value: "localhost:8080"
      # here variable value is another Input resolving to a string
      # novops will read the referenced value
      # in this case from Hashicorp Vault server
      - name: MY_APP_PASSWORD
        value:
          hvault_kv2:
            path: crafteo/app/dev
            key: password
    # "files" is a list of "file" inputs
    files:
      # - content: input resolving to a string. Can be a plain string or another input resolving to a string
      # - variable: a variable name which will point to generated file
      # - dest: Optionally, the final destination where file will be generated. By default Novops creates a file in a secure directory.
      #
      # This file input will resolve to two Outputs:
      # - A variable MY_APP_CONFIG=/path/to/secure/location
      # - A file created in a secure location with content "bind_addr: localhost"
      #
      - variable: MY_APP_CONFIG
        content: |
          bind_addr: localhost
      # Like variables input, file Input content can use another Input
      # to load value from external source
      - variable: MY_APP_TOKEN
        content:
          hvault_kv2:
            path: crafteo/app/dev
            key: token
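
A check for the schema above, as an added example that is not part of the Novops documentation or code: it flags variable and file inputs whose name suggests a secret but whose value is a plain string in .novops.yml rather than another Input such as hvault_kv2. The name pattern, the sample config and the function name plaintext_secrets are assumptions of this example.

```ruby
require 'yaml'

# Constructed sample config following the schema described above.
SAMPLE = <<~YAML
  environments:
    dev:
      variables:
        - name: MY_APP_HOST
          value: "localhost:8080"
        - name: MY_APP_PASSWORD
          value:
            hvault_kv2:
              path: crafteo/app/dev
              key: password
        - name: MY_APP_API_KEY
          value: "constructed-plaintext-value"
      files:
        - variable: MY_APP_TOKEN
          content: "constructed-plaintext-token"
        - variable: MY_APP_CONFIG
          content: |
            bind_addr: localhost
YAML

# Heuristic (an assumption of this example): names that suggest a secret.
SECRET_NAME = /PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE/i

# Returns "env/kind/name" for every secret-looking variable or file input
# whose value is a plain string instead of a nested Input mapping.
def plaintext_secrets(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  findings = []
  (doc['environments'] || {}).each do |env_name, env|
    next unless env.is_a?(Hash)
    checks = { 'variables' => %w[name value], 'files' => %w[variable content] }
    checks.each do |kind, (name_key, value_key)|
      Array(env[kind]).each do |input|
        next unless input.is_a?(Hash)
        # A mapping as value means another Input (e.g. hvault_kv2) resolves it.
        next if input[value_key].is_a?(Hash)
        name = input[name_key].to_s
        findings << "#{env_name}/#{kind}/#{name}" if name.match?(SECRET_NAME)
      end
    end
  end
  findings
end

puts plaintext_secrets(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

On the constructed sample it reports MY_APP_API_KEY and MY_APP_TOKEN, and passes MY_APP_PASSWORD because its value is resolved from Hashicorp Vault.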
Root config keyword
Root config is used to specify global configurations for Novops and its modules:
config:
  # novops default configs
  default:
    # name of environment loaded by default
    environment: dev
  # Hashivault config
  # See Hashivault module doc
  hashivault:
    # ...
  # AWS config
  # See AWS module doc
  aws:
    # ...
  # Other module configs may exist
  # See module docs or full Novops schema for details
  <someModule>:
    # ...