webhookx-io
diff --git a/‎admin/admin.go‎
Lines changed: 3 additions & 3 deletions b/‎admin/admin.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎app/app.go‎
Lines changed: 0 additions & 1 deletion b/‎app/app.go‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎cmd/db.go‎
Lines changed: 13 additions & 1 deletion b/‎cmd/db.go‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎cmd/root.go‎
Lines changed: 9 additions & 14 deletions b/‎cmd/root.go‎
Lines changed: 9 additions & 14 deletions
diff --git a/‎cmd/start.go‎
Lines changed: 5 additions & 0 deletions b/‎cmd/start.go‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎config.yml‎
Lines changed: 39 additions & 22 deletions b/‎config.yml‎
Lines changed: 39 additions & 22 deletions
@@ -7,18 +7,18 @@ import (
 	"os"
 	"time"
 
-	"github.com/webhookx-io/webhookx/config"
+	"github.com/webhookx-io/webhookx/config/modules"
 	"go.uber.org/zap"
 )
 
 // Admin is an HTTP Server
 type Admin struct {
-	cfg *config.AdminConfig
+	cfg *modules.AdminConfig
 	s   *http.Server
 	log *zap.SugaredLogger
 }
 
-func NewAdmin(cfg config.AdminConfig, handler http.Handler) *Admin {
+func NewAdmin(cfg modules.AdminConfig, handler http.Handler) *Admin {
 	s := &http.Server{
 		Handler: handler,
 		Addr:    cfg.Listen,
 
@@ -93,7 +93,6 @@ func New(cfg *config.Config) (*Application, error) {
 
 func (app *Application) initialize() error {
 	cfg := app.cfg
-	cfg.OverrideByRole(cfg.Role)
 
 	log, err := log.NewZapLogger(&cfg.Log)
 	if err != nil {
 
@@ -1,10 +1,12 @@
 package cmd
 
 import (
+	"context"
 	"errors"
 
 	"github.com/golang-migrate/migrate/v4"
 	"github.com/spf13/cobra"
+	"github.com/webhookx-io/webhookx/config"
 	"github.com/webhookx-io/webhookx/db"
 	"github.com/webhookx-io/webhookx/db/migrator"
 )
@@ -25,6 +27,7 @@ func newDatabaseResetCmd() *cobra.Command {
 					return errors.New("canceled")
 				}
 			}
+			cfg := cmd.Context().Value("config").(*config.Config)
 			db, err := db.NewSqlDB(cfg.Database)
 			if err != nil {
 				return err
@@ -47,11 +50,18 @@ func newDatabaseResetCmd() *cobra.Command {
 }
 
 func newDatabaseCmd() *cobra.Command {
-
 	database := &cobra.Command{
 		Use:   "db",
 		Short: "Database commands",
 		Long:  ``,
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+			cfg, err := initConfig(configurationFile)
+			if err != nil {
+				return err
+			}
+			cmd.SetContext(context.WithValue(cmd.Context(), "config", cfg))
+			return nil
+		},
 	}
 
 	database.PersistentFlags().StringVarP(&configurationFile, "config", "", "", "The configuration filename")
@@ -62,6 +72,7 @@ func newDatabaseCmd() *cobra.Command {
 		Short: "Print the migration status",
 		Long:  ``,
 		RunE: func(cmd *cobra.Command, args []string) error {
+			cfg := cmd.Context().Value("config").(*config.Config)
 			db, err := db.NewSqlDB(cfg.Database)
 			if err != nil {
 				return err
@@ -81,6 +92,7 @@ func newDatabaseCmd() *cobra.Command {
 		Short: "Run any new migrations",
 		Long:  ``,
 		RunE: func(cmd *cobra.Command, args []string) error {
+			cfg := cmd.Context().Value("config").(*config.Config)
 			db, err := db.NewSqlDB(cfg.Database)
 			if err != nil {
 				return err
 
@@ -14,24 +14,20 @@ var (
 var (
 	configurationFile string
 	verbose           bool
-	cfg               *config.Config
 )
 
-func initConfig() {
-	var err error
-
-	var options config.Options
-	if configurationFile != "" {
-		buf, err := os.ReadFile(configurationFile)
-		cobra.CheckErr(err)
-		options.YAML = buf
+func initConfig(filename string) (*config.Config, error) {
+	cfg := config.New()
+	err := config.Load(filename, cfg)
+	if err != nil {
+		return nil, err
 	}
 
-	cfg, err = config.New(&options)
-	cobra.CheckErr(err)
-
 	err = cfg.Validate()
-	cobra.CheckErr(err)
+	if err != nil {
+		return nil, err
+	}
+	return cfg, nil
 }
 
 func NewRootCmd() *cobra.Command {
@@ -41,7 +37,6 @@ func NewRootCmd() *cobra.Command {
 		Long:         ``,
 		SilenceUsage: true,
 	}
-	cobra.OnInitialize(initConfig)
 
 	cmd.SetOut(os.Stdout)
 	cmd.PersistentFlags().BoolVarP(&verbose, "verbose", "", false, "Verbose logging.")
 
@@ -16,6 +16,11 @@ func newStartCmd() *cobra.Command {
 		Short: "Start server",
 		Long:  ``,
 		RunE: func(cmd *cobra.Command, args []string) error {
+			cfg, err := initConfig(configurationFile)
+			if err != nil {
+				return err
+			}
+
 			app, err := app.New(cfg)
 			if err != nil {
 				return err
 
@@ -183,31 +183,48 @@ tracing:
 
 
 #------------------------------------------------------------------------------
-# Secret (remote secret)
-# reference: {secret://<provider>/<name>[?<properties>][#/jsonpointer]}
-# Example: {secret://aws/path/to/secret#/password?ttl=1}
+# Secret Reference (External Secret Reference)
+# Secret Reference allows fetching values from external secret providers.
+#
+# Syntax:
+#   {secret://<provider>/<name>[.<jsonpath>][?<parameters>]}
+#
+# Components:
+# - <provider>       The provider name (e.g.`aws`, `vault`).
+# - <name>           The secret name.
+# - <jsonpath>       A optional JSON Path to extract value from a JSON.
+#                    JSON Path is a series of keys separated by a `.` character.
+#                    Examples: `database.username`, `credentials.1.username`.
+# - <parameters>     The optional parameters.
+#
+# Examples:
+#   {secret://aws/path/to/mysecret}
+#   {secret://aws/path/to/mysecret.password}
 #------------------------------------------------------------------------------
 secret:
   providers:                                    # Specifies enabled providers.
-    - '@default'
-    - '@all'
-  ttl: 10s
-  aws:                                          # AWS SecretManager provider
-    region: us-west-1
-    url: http://localhost:4566 # aws_url?
-
-  vault:                                        # HashiCorp Vault provider
-    address: http://localhost:8200
-    mount_path: secret
-    namespace:
-    auth_method: approle
-    authn:
+    - '@default'                                # Supported values:
+                                                # - `@default`: an alias of built-in providers.
+                                                # - `aws`
+                                                # - `vault`
+
+  aws:                                          # AWS SecretsManager provider
+    region:                                     # AWS region.
+    url:                                        # Optional custom endpoint.
+                                                # If unset, uses AWS default endpoint resolution.
+
+  vault:                                        # HashiCorp Vault provider (KV v2)
+    address: http://127.0.0.1:8200              # Vault server address.
+    mount_path: secret                          # The mount path for KV secrets engine.
+    namespace:                                  # Vault namespace (for Vault Enterprise).
+    auth_method: token                          # Authentication method. Supported values: `token`, `approle`, `kubernetes`.
+    authn:                                      # Authentication configuration.
       token:
-        token:
+        token:                                  # The token used to making requests to Vault.
       approle:
-        role_id:
-        secret_id:
-        response_wrapping: false
+        role_id:                                # RoleID used for login.
+        secret_id:                              # SecretID used for login.
+        response_wrapping: false                # Whether to use response-wrapping. Defaults to false.
       kubernetes:
-        role:
-        token_path:
+        role:                                   # Vault role bound to the Kubernetes service account.
+        token_path:                             # Path to JWT token file.