See practical examples of how to use Kuba with different applications, frameworks, and deployment scenarios.
Web Application Examples
Node.js Express Application
Run a Node.js Express application with database credentials and API keys:
kuba run --env production -- node app.jsConfiguration (kuba.yaml):
production:
provider: gcp
project: my-project
mappings:
- environment-variable: "DATABASE_URL"
secret-key: "prod-database-url"
- environment-variable: "JWT_SECRET"
secret-key: "jwt-secret"
- environment-variable: "STRIPE_SECRET_KEY"
secret-key: "stripe-secret-key"
- environment-variable: "REDIS_URL"
value: "redis://${REDIS_HOST:-localhost}:6379"Application Code:
const express = require('express');
const app = express();
// Environment variables are automatically available
const dbUrl = process.env.DATABASE_URL;
const jwtSecret = process.env.JWT_SECRET;
const stripeKey = process.env.STRIPE_SECRET_KEY;
const redisUrl = process.env.REDIS_URL;
console.log('Database URL:', dbUrl);
console.log('Redis URL:', redisUrl);
app.listen(3000, () => {
console.log('Server running on port 3000');
});Python Flask Application
Run a Python Flask application with environment-specific configurations:
kuba run --env development -- python app.pyConfiguration (kuba.yaml):
development:
provider: aws
mappings:
- environment-variable: "FLASK_ENV"
value: "development"
- environment-variable: "DATABASE_URL"
secret-key: "dev-database-url"
- environment-variable: "SECRET_KEY"
secret-key: "flask-secret-key"
- environment-variable: "DEBUG"
value: "true"Application Code:
from flask import Flask
import os
app = Flask(__name__)
# Environment variables are automatically available
app.config['DATABASE_URL'] = os.environ.get('DATABASE_URL')
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY')
app.config['DEBUG'] = os.environ.get('DEBUG', 'false').lower() == 'true'
print(f"Database URL: {app.config['DATABASE_URL']}")
print(f"Debug mode: {app.config['DEBUG']}")
if __name__ == '__main__':
app.run(debug=app.config['DEBUG'])Database & API Examples
Database Migrations
Run database migrations with production credentials:
# Run migrations with production database credentials
kuba run --env production -- npm run migrate
# Run seed data with development database
kuba run --env development -- npm run seedConfiguration:
production:
provider: gcp
project: my-project
mappings:
- environment-variable: "DATABASE_URL"
secret-key: "prod-postgres-url"
- environment-variable: "DB_PASSWORD"
secret-key: "prod-db-password"
development:
provider: aws
mappings:
- environment-variable: "DATABASE_URL"
secret-key: "dev-postgres-url"
- environment-variable: "DB_PASSWORD"
secret-key: "dev-db-password"External API Integration
Connect to external APIs with secure keys:
kuba run --env staging -- python api_client.pyConfiguration:
staging:
provider: azure
mappings:
- environment-variable: "STRIPE_API_KEY"
secret-key: "stripe-staging-key"
- environment-variable: "SENDGRID_API_KEY"
secret-key: "sendgrid-staging-key"
- environment-variable: "TWILIO_ACCOUNT_SID"
secret-key: "twilio-account-sid"
- environment-variable: "TWILIO_AUTH_TOKEN"
secret-key: "twilio-auth-token"API Client Code:
import os
import stripe
import sendgrid
from twilio.rest import Client
# API keys are automatically available
stripe.api_key = os.environ.get('STRIPE_API_KEY')
sendgrid_client = sendgrid.SendGridAPIClient(
api_key=os.environ.get('SENDGRID_API_KEY')
)
twilio_client = Client(
os.environ.get('TWILIO_ACCOUNT_SID'),
os.environ.get('TWILIO_AUTH_TOKEN')
)
print("Stripe API key configured:", bool(stripe.api_key))
print("SendGrid API key configured:", bool(os.environ.get('SENDGRID_API_KEY')))
print("Twilio credentials configured:", bool(os.environ.get('TWILIO_ACCOUNT_SID')))Docker & Container Examples
Docker Container with Secrets
Run Docker containers with environment variables from Kuba:
# Build image with secrets available during build
kuba run --env production -- docker build \
--build-arg DATABASE_URL \
--build-arg API_KEY \
-t myapp .
# Run container with secrets as environment variables
kuba run --env production -- docker run \
-e DATABASE_URL \
-e API_KEY \
-e REDIS_URL \
-p 3000:3000 \
myappDockerfile:
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
# Build arguments for secrets
ARG DATABASE_URL
ARG API_KEY
# Set environment variables
ENV DATABASE_URL=$DATABASE_URL
ENV API_KEY=$API_KEY
EXPOSE 3000
CMD ["npm", "start"]Docker Compose Integration
Use Kuba with Docker Compose for multi-service applications:
# Start all services with production secrets
kuba run --env production -- docker-compose up -d
# Start specific service with development secrets
kuba run --env development -- docker-compose up webdocker-compose.yml:
version: '3.8'
services:
web:
build: .
ports:
- "3000:3000"
environment:
- DATABASE_URL
- API_KEY
- REDIS_URL
depends_on:
- db
- redis
db:
image: postgres:15
environment:
- POSTGRES_DB=myapp
- POSTGRES_USER=myapp
- POSTGRES_PASSWORD
volumes:
- postgres_data:/var/lib/postgresql/data
redis:
image: redis:7-alpine
ports:
- "6379:6379"
volumes:
postgres_data:CI/CD Pipeline Examples
GitHub Actions
Integrate Kuba into GitHub Actions workflows:
name: Deploy to Production
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Go
uses: actions/setup-go@v4
with:
go-version: '1.21'
- name: Install Kuba
run: |
curl -sSL https://kuba.mwco.app/install.sh | bash
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Build and deploy
run: |
kuba run --env production -- npm run build
kuba run --env production -- npm run deployGitLab CI
Use Kuba in GitLab CI/CD pipelines:
stages:
- test
- deploy
variables:
KUBE_CONFIG_FILE: $CI_PROJECT_DIR/kuba.yaml
test:
stage: test
image: node:18
before_script:
- curl -sSL https://kuba.mwco.app/install.sh | bash
script:
- kuba run --env testing -- npm test
only:
- merge_requests
deploy:
stage: deploy
image: node:18
before_script:
- curl -sSL https://kuba.mwco.app/install.sh | bash
script:
- kuba run --env production -- npm run deploy
only:
- mainDevelopment Workflow Examples
Local Development
Use Kuba for local development without managing .env files:
# Start development server
kuba run --env development -- npm run dev
# Run tests
kuba run --env testing -- npm test
# Run database migrations
kuba run --env development -- npm run migrate
# Start background services
kuba run --env development -- npm run start:servicesDevelopment Configuration:
development:
provider: gcp
project: my-dev-project
mappings:
- environment-variable: "DATABASE_URL"
secret-key: "dev-database-url"
- environment-variable: "API_KEY"
secret-key: "dev-api-key"
- environment-variable: "DEBUG"
value: "true"
- environment-variable: "LOG_LEVEL"
value: "debug"
testing:
provider: gcp
project: my-dev-project
mappings:
- environment-variable: "DATABASE_URL"
secret-key: "test-database-url"
- environment-variable: "API_KEY"
secret-key: "test-api-key"
- environment-variable: "NODE_ENV"
value: "test"Team Collaboration
Share configuration templates with your team:
# kuba.yaml.template (commit this to version control)
default:
provider: gcp
project: YOUR_PROJECT_ID
mappings:
- environment-variable: "DATABASE_URL"
secret-key: "database-url"
- environment-variable: "API_KEY"
secret-key: "api-key"
- environment-variable: "REDIS_URL"
value: "redis://${REDIS_HOST:-localhost}:6379"
development:
provider: gcp
project: YOUR_PROJECT_ID
mappings:
- environment-variable: "DATABASE_URL"
secret-key: "dev-database-url"
- environment-variable: "DEBUG"
value: "true"Instructions for team members:
- Copy
kuba.yaml.templatetokuba.yaml - Replace
YOUR_PROJECT_IDwith your actual project ID - Set up authentication for your cloud provider
- Create the necessary secrets in your cloud provider
- Run
kuba run --env development -- npm run dev
Advanced Configuration Examples
Multi-Environment with Secret Paths
Use secret paths to bulk-load related secrets:
production:
provider: gcp
project: my-project
mappings:
# Individual secrets
- environment-variable: "APP_ENV"
value: "production"
# Database secrets (bulk load)
- environment-variable: "DB"
secret-path: "database"
# API keys (bulk load)
- environment-variable: "API"
secret-path: "external-apis"
# Service secrets (bulk load)
- environment-variable: "SERVICE"
secret-path: "microservices"
# Interpolated connection strings
- environment-variable: "DATABASE_URL"
value: "postgresql://${DB_USERNAME}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}"
- environment-variable: "REDIS_URL"
value: "redis://${REDIS_HOST:-localhost}:${REDIS_PORT:-6379}/0"Note: This configuration will create environment variables like DB_USERNAME, DB_PASSWORD, API_STRIPE_KEY, SERVICE_AUTH_TOKEN, etc.
Cross-Provider Configuration
Use different cloud providers for different types of secrets:
production:
provider: gcp
project: my-gcp-project
mappings:
# GCP secrets
- environment-variable: "GCP_PROJECT_ID"
secret-key: "project-id"
# AWS secrets
- environment-variable: "AWS_ACCESS_KEY"
secret-key: "aws-access-key"
provider: aws
# Azure secrets
- environment-variable: "AZURE_TENANT_ID"
secret-key: "tenant-id"
provider: azure
project: "my-azure-project"
# OpenBao secrets
- environment-variable: "INTERNAL_API_KEY"
secret-key: "internal-api-key"
provider: openbao
# Hard-coded values
- environment-variable: "APP_ENV"
value: "production"
- environment-variable: "DEBUG"
value: "false"Next Steps
Configuration Guide
Learn more about advanced configuration options and best practices.
Configuration GuideCloud Providers
Set up authentication and permissions for your cloud providers.
Cloud Providers Guide