Connections

Connections define how private services are exposed based on their type and the agent they are associated with.

Command Line

This type allows for performing remote command line executions on remote services. Users can execute ad-hoc commands or run an interactive console on top of it.

Examples: rails console, kubectl, aws, psql, etc.

Postgres (port-forward)

This type enables port forwarding of the Postgres protocol for any private instance.

MySQL (port-forward)

This type allows for port forwarding of the MySQL protocol for any private instance.

TCP

This type enables port forwarding for any TCP service, such as HTTP.

Environment Variables (Secrets)

Environment variables define the values that are exposed when interacting with a connection. These values are exposed during execution. Environment variables can be exposed in the following ways:

As an environment variable. e.g.: MYVAR=val

As a temporary file in the filesystem. e.g.: MYVAR=/tmp/<session-id>.envfs

💡

The temporary file is saved with 0600 permissions and removed after execution.

AWS Secrets Manager

It is possible to use external sources to load environment variables. For example:

HOST=_aws:PG_CONFIG:PG_HOST

_aws defines the provider (aws secrets manager)

PG_CONFIG the name of the secret id to lookup

PG_HOST the name of the secret id

💡

The agent must have an instance profile with the following permissions to query this service:

secretsmanager:GetSecretValue

secretsmanager:GetResourcePolicy

secretsmanager:DescribeSecret

secretsmanager:ListSecretVersionIds

Connection Management

The hoop command line can be used to manage connections.

Create a command line connection

shell
hoop admin create connection bash -a default -- bash

creates a command-line connection named bash, associated with the agent default and uses the command bash as entrypoint.

Create a Postgres connection

shell
hoop admin create connection pg --type postgres -a default \
  -e HOST=192.168.10.20 \
  -e USER=root \
  -e PASS=mydbpasswd \
  -e DB=postgres

creates a postgres connection named pg, associated with the agent default with the environment variables HOST, USER, PASS and DB.

Creates a connection loading envs from the AWS Secrets Manager

shell
hoop admin create conn mysql --type mysql -a default \
  -e HOST=_aws:MYSQL_SECRET:MYSQL_HOST \
  -e USER=_aws:MYSQL_SECRET:MYSQL_USER \
  -e PASS=_aws:MYSQL_SECRET:MYSQL_PASSWD \
  -e DB=_aws:MYSQL_SECRET:MYSQL_DB

creates a mysql connection with the name mysql, associated with the agent default and with the environment variables HOST, USER, PASS and DB loading from the secret id MYSQL_SECRET.

💡

The use cases below describe in more detail how to create and manage each specific connection type.