INFO
This documentation is up to date as of version 2.x.x.
All cellar configuration is handled through API settings,
and such API configuration handled through environment variables.
You must configure both the application settings as well as one datastore and one cryptography engine.
See below for details.
App
| Name | Type | Min Version | Description | Default |
|---|
APP_CLIENT_ADDRESS | string | | Specifies the fully qualified domain name where Cellar will be hosted. | http://127.0.0.1:8080 |
APP_BIND_ADDRESS | string | | Specifies the address on which the Cellar API will listen for requests. | 127.0.0.1:8080 |
LOGGING_LEVEL | string | | Specifies the minimum level of logs that Cellar will output. Must be one of the following values: trace, debug, info, warning, error, fatal, panic. | info |
LOGGING_ENABLE_STDOUT | boolean | | Specifies whether Cellar should output logs to standard out. | true |
LOGGING_DIRECTORY (optional) | string | | Specifies a directory where Cellar should write logs. Cellar will create the directory if it does not exist. | |
Datastore
Redis
| Name | Type | Min Version | Description | Default |
|---|
REDIS_HOST | string | | Specifies the host of the Redis database. | localhost |
REDIS_PORT | integer | | Specifies the host one which to connect to the Redis database. | 6379 |
REDIS_PASSWORD (optional) | string | | Specifies the password for the Redis database. | |
REDIS_DB | integer | | Specifies which database to connect to on the Redis instance. | 0 |
Cryptography
Vault
| Name | Type | Min Version | Description | Default |
|---|
VAULT_ADDRESS | string | | Specifies the full address to the Vault instance. | http://localhost:8200 |
VAULT_ENCRYPTION_TOKEN_NAME | string | | Specifies the name of the encryption key from the Vault Transit Secrets ENgine to use for encrypting and decrypting. | |
VAULT_AUTH_MOUNT_PATH | string | v2.0.0 | Specifies the mount path of the auth engine you whish to use to authenticate from Cellar API to vault (see below for more information) | |
Cellar supports multiple methods of authentication between your api and vault.
You must configure exactly one of them.
For more information on how each of these auth methods work, please refer to the Vault Auth Methods documentation.
AppRole Auth
| Name | Type | Min Version | Description | Default |
|---|
VAULT_ROLE_ID | string | | Specifies the role_id to use for authenticating to Vault with AppRole authentication. | |
VAULT_SECRET_ID | string | | Specifies the secret_id to use for authenticating to Vault with AppRole authentication. | |
AWS IAM Auth
| Name | Type | Min Version | Description | Default |
|---|
VAULT_AUTH_AWSIAM_ROLE | string | v2.0.0 | Specifies the AWS IAM role to use for authenticating to vault with AWS IAM authentication. | |
GCP IAM Auth
| Name | Type | Min Version | Description | Default |
|---|
VAULT_AUTH_GCPIAM_ROLE | string | v2.0.0 | Specifies the GCP IAM role to use for authenticating to vault with GCP IAM authentication. | |
Kubernetes Auth
| Name | Type | Min Version | Description | Default |
|---|
VAULT_AUTH_KUBERNETES_ROLE | string | v2.0.0 | Specifies the K8s role to use for authenticating to vault with K8s authentication. | |
