Deriving Parameters from Files

The FileParameterProvider maps a directory to a parameter group named after the directory, and the files within the directory to parameters. Each file's name is mapped to a parameter, and the content of the file becomes the value. Hidden files and nested directories are ignored.

While this provider can be useful in a range of cases, it particularly matches the mounted volume secret structure in Kubernetes. A full discussion of Kubernetes secrets is beyond the scope of this document, but a brief overview can illustrate how these secrets can be mapped to parameter groups.

Kubernetes Mounted Secrets Example

Assume a secret is configured as follows:

  admin_username: my-username (base64-encoded)
  admin_password: my-password (base64-encoded)
  access_key: my-key (base64-encoded)

Assume a deployment has the following configuration:

  - name: system-credentials
      - key: admin_username
        path: sys.admin.username
      - key: admin_password
        path: sys.admin.password
      - key: access_key
        path: sys.access.key
      secretName: system-creds
  - volumeMounts:
    - mountPath: /etc/secrets/system-credentials
      name: system-credentials
      readOnly: true

Then, this secret will appear on disk as follows:

$ ls /etc/secrets/system-credentials
sys.access.key  sys.admin.password sys.admin.username

Therefore, to map this secret to a parameter group that will populate a Parameter Context named 'system-credentials', you should simply provide the following configuration to the FileParameterProvider:

The 'system-credentials' parameter context will then contain the following parameters: