Configuration

Weep searches for a configuration file in the following locations:

  • ./.weep.yaml

  • ~/.weep.yaml

  • ~/.config/weep/.weep.yaml

You can also specify a config file as a CLI arg:

weep --config somethingdifferent.yaml list

Weep supports authenticating to ConsoleMe in either a standalone challenge mode (ConsoleMe will authenticate the user according to its settings), or mutual TLS (ConsoleMe has to be configured to accept mutual TLS).

In challenge mode, Weep will prompt the user for their username the first time they authenticate, and then attempt to derive their username from their valid/expired JWT on subsequent attempts. You can also specify the desired username in weep's configuration under the challenge_settings.user setting as seen in example-config.yaml.

Here's an example configuration file:

consoleme_url: https://path_to_consoleme:port
authentication_method: mtls # challenge or mtls
server:
  http_timeout: 20
  metadata_port: 9090
  ecs_credential_provider_port: 9091
#challenge_settings: # (Optional) Username can be provided. If it is not provided, user will be prompted on first authentication attempt
#  user: you@example.com
mtls_settings: # only needed if authentication_method is mtls
  old_cert_message: mTLS certificate is too old, please run [refresh command]
  cert: mtls.crt
  key: mtls.key
  cafile: mtlsCA.pem
  insecure: false
  darwin: # weep will look in platform-specific directories for the three files specified above
    - "/run/mtls/certificates"
    - "/mtls/certificates"
    - "$HOME/.mtls/certificates"
    - "$HOME/.mtls"
  linux:
    - "/run/mtls/certificates"
    - "/mtls/certificates"
    - "$HOME/.mtls/certificates"
    - "$HOME/.mtls"
  windows:
    - "C:\\run\\mtls\\certificates"
    - "C:\\mtls\\certificates"
    - "$HOME\\.mtls\\certificates"
    - "$HOME\\.mtls"
metadata:
  routes:
    - path: latest/user-data
    - path: latest/meta-data/local-ipv4
      data: "127.0.0.1"
    - path: latest/meta-data/local-hostname
      data: ip-127-0-0-1.us-west-2.compute.internal

Last updated