Weep searches for a configuration file in the following locations:
./.weep.yaml
~/.weep.yaml
~/.config/weep/.weep.yaml
You can also specify a config file as a CLI arg:
weep --config somethingdifferent.yaml list
Weep supports authenticating to ConsoleMe in either a standalone challenge mode (ConsoleMe will authenticate the user according to its settings), or mutual TLS (ConsoleMe has to be configured to accept mutual TLS).
In challenge mode, Weep will prompt the user for their username the first time they authenticate, and then attempt to derive their username from their valid/expired JWT on subsequent attempts. You can also specify the desired username in weep's configuration under the challenge_settings.user setting as seen in example-config.yaml.
Here's an example configuration file:
consoleme_url:https://path_to_consoleme:portauthentication_method:mtls# challenge or mtlsserver:http_timeout:20metadata_port:9090ecs_credential_provider_port:9091#challenge_settings: # (Optional) Username can be provided. If it is not provided, user will be prompted on first authentication attempt
# user: you@example.commtls_settings:# only needed if authentication_method is mtlsold_cert_message:mTLS certificate is too old, please run [refresh command]cert:mtls.crtkey:mtls.keycafile:mtlsCA.peminsecure:falsedarwin:# weep will look in platform-specific directories for the three files specified above - "/run/mtls/certificates" - "/mtls/certificates" - "$HOME/.mtls/certificates" - "$HOME/.mtls"linux: - "/run/mtls/certificates" - "/mtls/certificates" - "$HOME/.mtls/certificates" - "$HOME/.mtls"windows: - "C:\\run\\mtls\\certificates" - "C:\\mtls\\certificates" - "$HOME\\.mtls\\certificates" - "$HOME\\.mtls"metadata:routes: - path:latest/user-data - path:latest/meta-data/local-ipv4data:"127.0.0.1" - path:latest/meta-data/local-hostnamedata:ip-127-0-0-1.us-west-2.compute.internal
