https://linen.dev logo
Join Slack
Powered by
This message was deleted.
# opal
s
This message was deleted.
f
Hi @Jeevan - Are you talking about setting env variables for the database, or more specifically about updating these variables on-the-go once you run OPAL?
j
so once the env vars (which loads db secrets) are setup, can we update it?
o
Hi @Jeevan. Yes, opal-clients constantly try to reconnect to their opal-servers, with an exponential back off. Regarding environment variables it depends on which you mean. A lot of elements with OPAL are dynamic such as Git repos (via scopes), or data sources (via the external source config option)
Most env vars are set and fixed per load
j
so if 
OPAL_DATA_CONFIG_SOURCES
is set. can we update it without having to re-load the container?
o
No, but you can use the 
external_source_url
option to have it provide dynamic data from another server https://docs.opal.ac/tutorials/configure_external_data_sources#external-data-sources---architecture-and-flows
In general there isn't really such thing as dynamically changing env vars for a process that has already started
j
yeah, that makes sense. as in, once can't update the envs dynamicalluy
it's just, the config looks something like this
Copy code
{
  "config": {
    "entries": [
      {
        "url": "<postgresql://water>",
        "config": {
          "fetcher": "PostgresFetchProvider",
          "query": SQL Query,
          "connection_params": {
            "database": "db-alpha",
            "user": "",
            "password": "",
            "host": "",
            "port": "5432"
          }
        },
        "topics": ["policy_data"],
        "dst_path": "organizations"
      },
   ]
}
and the password into 
OPAL_DATA_CONFIG_SOURCES
but once loaded, was wondering, if we can some how update the same
o
With external data sources you can have a dynamic separate service providing a different config every time a client connects. That said you really shouldn't provide password through this, you're creating a weak spot with secrets. It would be better to have the password passed to each client as an env-var (or obtain it locally in another way). You can create a custom data-fetcher that will utilize the secret
j
aah, okay. makes sense
so having a client do the fetching will prolly work in our cases
o
Yes for sure. Look at writing your own data-fetcher, it's very easy. https://docs.opal.ac/tutorials/write_your_own_fetch_provider
j
yeah, got our hands on, on the custom postgres fetcher
o
You can have the fetcher obtain the secret it needs as part of it's fetch process
j
it was really easy to work with
💜 1
thanks for such a cool project 😁
o
Our pleasure, Thanks for sharing your experience
Open in Slack
PreviousNext
Powered by