Application configuration injection with StashBox and Telefónica Open Cloud Object Storage

by Fernando de la Iglesia, Technology expert at Telefónica I+D

Using as a starting point the story from my colleague GuidoApp configuration the easy way” I would like to add my two cents to Tip 3 : Using a configuration server, that is the idea of using another tool in addition to Consul: StashBox, created by SynchroLabs, but with the advantage that in addition to configuration files, this tool can provide any file, as for example SSL certificates, at application start time (or any other time).

StashBox is just a proxy that allows to configure several “mount points” and define which will be the backend for each of these “mount points” ranging from files in the filesystem of the StashBox container to external storage as a web server (using the “proxy” mount point type) or a cloud storage as Manta from Joyent. In addition to this, just adding a new driver we can enable the access to non-AWS S3 compatible cloud storage services, as for example the one provided by Telefónica’s Open Cloud (Edit: May 26 2017: driver already merged in

Without any doubt the starting point in order to understand StashBox capabilities is the information provided by SynchroLabs in their blog. As you can see there, StashBox can be configured with several mount points using a configuration file that is read when the StashBox container is started:

# StashBox config.json
"mount": "/stuff",
"provider": "file",
"basePath": "stash"
"mount": "/config/ssl.crt",
"provider": "env",
"var": "SSL_CERTS_B64",
"encoding": "base64"

In the previous example you can see two mount points that make use of different backends: files in the StashBox node (container) with “provider”: “file”, and environment variables with “provider”:”env”. We can easily add another backend by using the S3 compatible storage driver (“provider”:”s3compatible”):

"mount": "/foo/bar",
"provider": "s3compatible",
"bucket": "configs",
"endpoint": "",
"accessKey": "44XVDUHUOTHPRPS8GJEQ",
"secretKey": "ajarenareXGvuCbqpnipON4hkNkR1GapuExAPu",
"region": "mexico"

In this example the S3 compatible backend is Telefónica’s Open Cloud Object Storage service and the other parameters in the configuration file are for:

  • mount: path that the applications will use to obtain the objects/files in this mount point when calling StashBox (curl http://stashbox/foo/bar/ssl.crt for example)
  • provider: s3compatible, mount point type of the backend
  • bucket: bucket in the s3 compatible cloud storage service where the files to retreive will be
  • endpoint: S3 compatible service endpoint. In the example you can see one of the local endpoints for Open Cloud, specifically the one in México (find the complete endpoint list here)
  • accessKey: access key for getting access to the endpoint and buckets
  • secretKey: the corresponding secret key
  • region: set this value to any (reasonable) string value in case of using a non-AWS S3 endpoint, or the region corresponding to the endpoint in case of using ASW S3, this parameter override auto bucket region discovery.

In this object storage we can store any type of object, configuration files, of course, but also any kind of element that an application could require to work properly, from SSL certificates as stated previously to any binary object (images or executables) that a preStart function can download to be used by the application.

If we continue with the example that appears in the info page of the StashBox repository we can add to the image for a container a preStart function that is executed at start time and downloads a SSL certificate using the configured S3 compatible mount point with the corresponding storage service as a backend:

optionalStashboxDownload() {
status=$(curl $1 -w %{http_code} -s -S -f -o $2 --stderr err.txt)
if [ $status -eq 404 ]; then
echo "File $1 not found in Stashbox, local file (if any) will be used"
elif [ $status -eq 200 ]; then
echo "File $1 installed from StashBox"
echo "ERROR: Checking Stashbox for $1 failed, status: $status"
cat err.txt
exit 1
optionalStashboxDownload("http://stashbox/foo/bar/domain.crt", "/etc/ssl/certificates/domain.crt")

Finally to remark that, as it is indicated in the SynchorLabs blog referenced before, to use StashBox is compatible with the use of any other technique as the ones referenced by Guido in the story cited at the very beguining of this one.

StashBox Docker Image

You can download from Docker Hub a Docker image including StashBox prepared with the s3compatible_driver to be used without the need of building the image from the github repo

$ docker pull fernandodelaiglesia/stashbox2

This image contains a basic configuration file that can be substituted with one you can prepare to include, for example, the Open Cloud Object Storage service as in the previous example

$ docker create -p 80:80 --name sbox1 fernandodelaiglesia/stashbox2
$ docker cp config.json sbox1:/usr/src/app/config.json
$ docker start sbox1

With this you already have a StashBox ready to serve configuration files or any other component to your applications, be the application build on containers, functions as a service or any other formar.

Originally published at