Guidance for ENVCONSUL signal handling

Hi – I’ve been perusing the envconsul source code and was a little confused about how exactly the child process (my app) is supposed to handle new secret data when the Runner is notified via the Watchers. I am assuming that the Consul watchers send data on the DataCh channel when they detect that new secret information is available in Vault (that is how it works, right?). I see that on

The new data is read and persisted but what I don’t understand is how the child process is supposed to pick up on those changes (to re-auth to a DB or whatever the case may be). Would anyone be able to help me understand the complete picture here so I can make sure the managed service always has the latest secret information in memory? I don’t see an explicit configuration to set that would make envconsul signal the child process to update when new data is available, so I’m a little confused.


Anyone? Just looking for a little clarification here…

Hey Travis,

The snippet you include is the main loop that watches for new data, signals, etc. It blocks on that select{} until it receives something. In the case of receiving data (or any of the timers firing) it continues past the select down to this line…

nexitCh, err := r.Run()

The Run() method is where it starts the underlying process and stops the old one if present. It first stops the old child process…

if r.child != nil {
	log.Printf("[INFO] (runner) stopping existing child process")

Then a bit below that it kicks off the new process with the current (updated) environment…

child, err := child.New(&child.NewInput{
if err := child.Start(); err != nil {
	return nil, errors.Wrap(err, "starting child")
r.child = child

Hope this helps.

That definitely helps, thanks!