Hi – I’ve been perusing the envconsul source code and was a little confused about how exactly the child process (my app) is supposed to handle new secret data when the Runner is notified via the Watchers. I am assuming that the Consul watchers send data on the DataCh channel when they detect that new secret information is available in Vault (that is how it works, right?). I see that on
The new data is read and persisted but what I don’t understand is how the child process is supposed to pick up on those changes (to re-auth to a DB or whatever the case may be). Would anyone be able to help me understand the complete picture here so I can make sure the managed service always has the latest secret information in memory? I don’t see an explicit configuration to set that would make envconsul signal the child process to update when new data is available, so I’m a little confused.
The snippet you include is the main loop that watches for new data, signals, etc. It blocks on that select{} until it receives something. In the case of receiving data (or any of the timers firing) it continues past the select down to this line…
nexitCh, err := r.Run()
The Run() method is where it starts the underlying process and stops the old one if present. It first stops the old child process…