Providers
Providers are the sources from which sreq fetches credentials. Each provider connects to a different secret management system.
Supported Providers
| Provider | Status | Description |
|---|---|---|
| Consul KV | Available | HashiCorp Consul Key-Value store |
| AWS Secrets Manager | Available | AWS Secrets Manager |
| Environment Variables | Available | System environment variables |
| dotenv | Available | Local .env files |
| HashiCorp Vault | Planned | HashiCorp Vault KV secrets |
| GCP Secret Manager | Planned | Google Cloud Secret Manager |
| Azure Key Vault | Planned | Azure Key Vault |
How Providers Work
When you make a request, sreq:
- Reads the service configuration
- Determines which providers to query
- Fetches credentials from each provider
- Combines them into a complete credential set
- Makes the authenticated request
Provider Priority
When multiple providers can supply the same credential, sreq uses the first successful result in this order:
- Explicit path mappings in service config
- Provider path templates
- Default values
Credential Types
Providers can supply these credential types:
| Credential | Description | Common Sources |
|---|---|---|
base_url | Service base URL | Consul |
username | Authentication username | Consul |
password | Authentication password | AWS, Vault |
api_key | API key | AWS, Vault |
token | Bearer token | AWS, Vault |
Configuration
Providers are configured in ~/.sreq/config.yaml:
providers:
consul:
address: consul.example.com:8500
token: ${CONSUL_TOKEN}
paths:
base_url: "services/{service}/{env}/base_url"
username: "services/{service}/{env}/username"
aws_secrets:
region: us-east-1
paths:
password: "{service}/{env}/credentials#password"
api_key: "{service}/{env}/credentials#api_key"Path Templates
Path templates use placeholders replaced at runtime:
| Placeholder | Description |
|---|---|
{service} | Service name or consul_key/aws_prefix |
{env} | Current environment |
{region} | AWS region |
{project} | Project name |
{app} | Application name |
Adding a Provider
To add a new provider to sreq, implement the Provider interface:
type Provider interface {
Name() string
Fetch(ctx context.Context, path string) (string, error)
}See the Contributing Guide for details.
Next Steps
- Consul Provider — Setup and configuration
- AWS Provider — Setup and configuration
- Environment Variables — Read from system env vars
- dotenv Provider — Read from .env files