Connections define how private services are exposed based on their type and the agent they are associated with.
Command Line
This type allows remote command-line execution on remote services. Users can execute ad-hoc commands or run an interactive console on top of it.
Examples: `rails console`, `kubectl`, `aws`, `psql`, etc.
Postgres (port-forward)
This type enables port forwarding of the Postgres protocol for any private instance.
MySQL (port-forward)
This type allows for port forwarding of the MySQL protocol for any private instance.
TCP
This type enables port forwarding for any TCP service, such as HTTP.
Environment Variables (Secrets)
Environment variables define the values that are exposed when interacting with a connection. These values are exposed during execution. Environment variables can be exposed in the following ways:
- As an environment variable, e.g. `MYVAR=val`
- As a temporary file in the filesystem, e.g. `MYVAR=/tmp/<session-id>.envfs`
The temporary file is saved with `0600` permissions and removed after execution.
AWS Secrets Manager
It is possible to use external sources to load environment variables. For example:
`HOST=_aws:PG_CONFIG:PG_HOST`
- `_aws` defines the provider (AWS Secrets Manager)
- `PG_CONFIG` is the name of the secret id to look up
- `PG_HOST` is the name of the secret id
The agent must have an instance profile with the following permissions to query this service:
- secretsmanager:GetSecretValue
- secretsmanager:GetResourcePolicy
- secretsmanager:DescribeSecret
- secretsmanager:ListSecretVersionIds
Connection Management
The hoop command line can be used to manage connections.
Create a command line connection
```shell
hoop admin create connection bash -a default -- bash
```
This creates a `command-line` connection named `bash`, associated with the agent `default`, that uses the command `bash` as its entrypoint.
Create a Postgres connection
```shell
hoop admin create connection pg --type postgres -a default \
  -e HOST=192.168.10.20 \
  -e USER=root \
  -e PASS=mydbpasswd \
  -e DB=postgres
```
This creates a `postgres` connection named `pg`, associated with the agent `default`, with the environment variables `HOST`, `USER`, `PASS` and `DB`.
Create a connection loading envs from AWS Secrets Manager
```shell
hoop admin create conn mysql --type mysql -a default \
  -e HOST=_aws:MYSQL_SECRET:MYSQL_HOST \
  -e USER=_aws:MYSQL_SECRET:MYSQL_USER \
  -e PASS=_aws:MYSQL_SECRET:MYSQL_PASSWD \
  -e DB=_aws:MYSQL_SECRET:MYSQL_DB
```
This creates a `mysql` connection with the name `mysql`, associated with the agent `default`, with the environment variables `HOST`, `USER`, `PASS` and `DB` loaded from the secret id `MYSQL_SECRET`.
The use cases below describe in more detail how to create and manage each specific connection type.
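A pre-flight check for the two forms of `-e` used in the Postgres and MySQL commands above, as an added example that is not part of hoop's own code: it parses each `NAME=VALUE` argument, recognises `_aws:<secret id>:<third segment>` references, and reports credentials passed inline. The function names, the `field` label for the third segment and the `SENSITIVE` name hints are assumptions made for this illustration.

```python
import shlex

PROVIDERS = {"_aws"}  # the only provider prefix shown on this page
SENSITIVE = ("PASS", "SECRET", "TOKEN", "KEY")  # assumption: credential-like names

# The two commands from this page, embedded as sample input.
PG_CMD = r"""hoop admin create connection pg --type postgres -a default \
  -e HOST=192.168.10.20 -e USER=root -e PASS=mydbpasswd -e DB=postgres"""
MYSQL_CMD = r"""hoop admin create conn mysql --type mysql -a default \
  -e HOST=_aws:MYSQL_SECRET:MYSQL_HOST -e USER=_aws:MYSQL_SECRET:MYSQL_USER \
  -e PASS=_aws:MYSQL_SECRET:MYSQL_PASSWD -e DB=_aws:MYSQL_SECRET:MYSQL_DB"""


def parse_env_spec(spec):
    """Split one NAME=VALUE argument into an inline value or a provider reference."""
    name, sep, value = spec.partition("=")
    if not sep or not name:
        raise ValueError(f"not NAME=VALUE: {spec!r}")
    parts = value.split(":", 2)
    if parts[0] not in PROVIDERS:
        return {"name": name, "source": "inline", "value": value}
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError(f"malformed provider reference for {name}: {value!r}")
    return {"name": name, "source": parts[0], "secret_id": parts[1], "field": parts[2]}


def audit_command(command):
    """Return (records, findings) for one `hoop admin create connection` command."""
    argv = shlex.split(command.replace("\\\n", " "))  # join shell line continuations
    records, findings = [], []
    i = 0
    while i < len(argv) and argv[i] != "--":  # after `--` comes the entrypoint command
        if argv[i] == "-e" and i + 1 < len(argv):
            rec = parse_env_spec(argv[i + 1])
            records.append(rec)
            if rec["source"] == "inline" and any(h in rec["name"].upper() for h in SENSITIVE):
                findings.append(f"{rec['name']}: credential value passed inline")
            i += 1  # skip the NAME=VALUE argument just consumed
        i += 1
    return records, findings


if __name__ == "__main__":
    for cmd in (PG_CMD, MYSQL_CMD):
        records, findings = audit_command(cmd)
        print([r["source"] for r in records], findings or "ok")
```

The Postgres command is reported because `PASS` carries a literal value on the command line; the MySQL command passes because every variable is a provider reference.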