Morio Settings: tokens
The tokens
settings hold various tokens. They come in three different flavours:
vars
are variables that you can use to keep your settingssecrets
are sensitive variables that will be encryptedflags
allows you to set feature flags
All of them are optional.
tokens.vars
Optional Allows you to create variables that you can then re-use throughout your configuration.
To use them, use Mustache syntax:
- Use double curly braces for default replacement:
"{{ MY_VAR }}"
- Use triple curly braces to suppress HTML-escaping of the value:
"{{{ MY_HTML_VAR }}}"
tokens.vars.[name]
Optional
To create a variable, create a key under tokens.vars
and give it a value.
tokens:
vars:
ITS_ME: Morio
tokens.secrets
Optional Allows you to create sensitive variables (aka secrets) that you can then re-use throughout your configuration.
Secrets behave exactly like variables, but have two important differences:
- They will be encrypted
- They support Morio’s Hashicorp Vault integration
To use them, use Mustache syntax:
- Use double curly braces for default replacement:
"{{ MY_VAR }}"
- Use triple curly braces to suppress HTML-escaping of the value:
"{{{ MY_HTML_VAR }}}"
tokens.secrets.[name]
Optional
To create a secret, create a key under tokens.secrets
and give it a value.
- Regular Secrets
- Hashicorp Vault
tokens:
secrets:
NOBODY_CAN_KNOW_THIS: You really are quite cute
Morio will encrypt this value at rest so that it looks something like this:
tokens:
secrets:
NOBODY_CAN_KNOW_THIS: "{ iv: \"9989922c677e1d4d0f9a9d1556ac7e7d\", ct: \"4e3fafac2f4febb1c40b7cced3ddcd21\" }"
To defer to the Hashicorp Vault integration,
make your value an object with key vault
and use the following syntax for its
value:
path_to_secrets:SECRET_NAME
Example:
tokens:
secrets:
NOBODY_CAN_KNOW_THIS:
vault: "path/to/secrets:NOBODY_CAN_KNOW_THIS
The name of the secret in Vault does not need to match the name of the secret in Morio. But as it makes troubleshooting easier, we recommend making them match.
tokens.flags
Optional Allows you to set Morio feature flags.
tokens.flags.[flag]
To set a feature flag, create a key under tokens.flags
with the name of the feature flag.
Then give it the value you want.
tokens:
flags:
DISABLE_IDP_MRT: true