Skip to content
ezoidc

Variable Providers

Variables can be configured to be loaded from different sources. In case the variable provider cannot load the variable, the server will log a warning.

Local

env

The env provider loads the variable value from the environment variables of the server process. A warning will be issued if the variable is empty.

variables:
  user:
    value: { env: USER }

file

The file provider loads the variable value from a file. The file path can be relative to the working directory of the ezoidc server or an absolute path.

variables:
  file:
    value: { file: /var/run/secrets/file }

string

The string provider returns the value of the variable as a string.

variables:
  accountId: '123456789012'


  username:
    value: 'user'

External

aws.ssm

The aws.ssm provider loads the variable value from the AWS SSM Parameter Store. The ezoidc server needs to be configured with AWS credentials that have access to the parameters and associated KMS keys for any SecureString parameters. The provider makes GetParameters API calls in batches of 10 parameters.

variables:
  secret:
    value: { aws.ssm: parameterName }

kubernetes.secret

The kubernetes.secret provider loads the variable value from the property of a Kubernetes secret.

variables:
  secret:
    value: { kubernetes.secret: namespace/secretName/propertyName }

The namespace can be omitted if the secret is in the same namespace as the ezoidc server.

config.yaml
variables:
  secret:
    value: { kubernetes.secret: secretName/propertyName }