Teller: Never leave your command line for secrets.
Posted in Recipe on April 18, 2023 by Venkatesh S ‐ 3 min read
I have been in situations where API keys and other sensitive data such as database passwords and encryption keys need to be managed seamlessly without revealing this sensitive information. This gets more complex when we are managing it across multiple environments as well as across multiple applications.
In a typical application development scenario, these steps are followed.
- Sensitive information is kept in secret vaults (available as cloud services like HashiCorp Vault, Consul, AWS Parameter Store, AWS Secrets Manager, Google Cloud Secret Manager, etcd, Heroku and others).
- The secrets are later retrieved to set local environment variables before the applications are started.
However, there are a few challenges in this second step of retrieving the secrets and setting them in environment variables, especially during development phases. The challenges are:
- Developers can accidentally expose the secrets in various ways while they are trying to pull them from the secret vaults.
- They might not use a standard CISO/infosec-approved vault and instead take some local approach to managing secrets, completely skipping step 1 mentioned above.
- They may skip the standard validation mechanisms that the various providers offer as security measures and take shortcuts to pull in these values. They may accidentally expose this information as well.
Teller
There is a super clean way to manage your secrets so that all these issues are avoided. Check out “Teller”.
Teller sits as a tool between your application, which uses the secrets, and the providers that store them.
Teller is a productivity secret manager for developers. It supports managing secrets in cloud-native apps by pulling secrets that you have saved on multiple cloud providers and setting them on the command line. It’s quick, easy, and safe.
- 💻 Never leave your terminal for secrets, teller will pull it all for you.
- 📟 Easy and clean workflows for working with cloud environments.
- 🔎 Scan for secrets and fight secret sprawl.
Installing Teller
To install Teller on a Mac, run:
brew tap spectralops/tap && brew install teller
To install it on Linux or Windows machines, set it up using the binary available on the releases page.
Using Teller
Run
teller new
and follow the wizard, pick the providers you like and it will generate a .teller.yml for you.
You can check the .teller.yml that is generated and modify certain elements as required. Check out the details on their website for all configurations available.
Run
teller show
to get an idea of all the keys for all the environment variables retrieved. Note that you will not be able to see the values. You will just know that these values are set.
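The two behaviours described above (secrets set as environment variables only for the application being started, and a listing that shows keys but not values), sketched as an added shell example that is not Teller's code and not from the original post. The function names `fetch_secrets`, `valid_key`, `show_masked` and `run_with_secrets` and all sample values are hypothetical.

```shell
# Constructed stand-in for a provider lookup; a real setup would query the
# vault over its authenticated API. All values below are made-up samples,
# including one malformed entry to exercise the name check.
fetch_secrets() {
  printf '%s\n' \
    'DB_PASSWORD=constructed-sample-pw' \
    'API_KEY=constructed-key==' \
    'BAD NAME=ignored'
}

# Accept only names that are legal environment variable identifiers.
valid_key() {
  case $1 in
    ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;
  esac
}

# List which variables would be set, with every value masked.
show_masked() {
  fetch_secrets | while IFS= read -r line; do
    key=${line%%=*}
    if valid_key "$key"; then printf '%s=*****\n' "$key"; fi
  done
}

# Start a command with the secrets in ITS environment only. The subshell
# keeps them out of the calling shell, its dotfiles and its history, and the
# values never touch disk.
run_with_secrets() {
  (
    set -f            # no globbing while splitting the provider output
    IFS='
'                     # split on newlines only
    for line in $(fetch_secrets); do
      key=${line%%=*}
      # Everything after the first "=" is the value, further "=" included.
      if valid_key "$key"; then export "$key=${line#*=}"; fi
    done
    exec "$@"         # replace the subshell with the application
  )
}
```

Usage: `run_with_secrets ./start-app.sh` (a hypothetical start script) launches the application with the variables set, while `show_masked` confirms which keys exist without printing a single value.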
Teller providers
This is the list of current providers Teller supports out of the box at this point in time.
References
Teller Website https://tlr.dev/
Teller Gitrepo and Documentation https://github.com/tellerops/teller
Teller Releases https://github.com/tellerops/teller/releases