feat: Add usage examples (#81)

* feat(examples): update readme, add examples

Signed-off-by: Bence Csati <[email protected]>

* fix: minor fixes

Signed-off-by: Bence Csati <[email protected]>

* fix: minor fixes

Signed-off-by: Bence Csati <[email protected]>

---------

Signed-off-by: Bence Csati <[email protected]>

README.md

@@ -5,9 +5,23 @@
 
 **Minimalistic init system for containers injecting secrets from various secret stores.**
 
-## Usage
+## Features
 
-TODO
+
+- **Multi-provider support** - Automatically deduces and initializes required secret providers from environment variable references.
+- **Async loading** - Secrets are loaded asynchronously to improve speed.
+- **Renew secrets** - Use daemon mode to renew secrets in the background.
+
+| **Supported Providers**                                      | **Status**     |
+|--------------------------------------------------------------|----------------|
+|  File proivder                                               | ✅ Implemented  |
+| [HashiCorp Vault](https://www.vaultproject.io)               | ✅ Implemented  |
+| [AWS Secrets Manager](https://aws.amazon.com/secrets-manager)| Upcoming       |
+
+## Getting started
+
+- `secret-init` is designed for use with the [Kubernetes mutating webhook](https://bank-vaults.dev/docs/mutating-webhook/). It can also function as a standalone tool.
+- Take a look at some of the [examples](examples) that showcase the use of `secret-init`.
 
 ## Development
 

examples/README.md

@@ -0,0 +1,4 @@
+## Usage Examples
+
+Discover a range of examples that highlight the functionalities of **secret-init**:
+- [Standalone tool](secret-init-as-a-standalone-tool)

examples/secret-init-as-a-standalone-tool.md

@@ -0,0 +1,85 @@
+## Secret-init as a standalone tool
+**Multi-provider setup**
+
+## Prerequisites
+
+- Golang `>= 1.21`
+- Makefile
+- Docker compose
+
+## Environment setup
+
+```bash
+# Deploy a Vault instance
+make up
+```
+
+```bash
+# Create a folder for the example assets
+mkdir -p example
+```
+
+### Prepare File provider
+```bash
+# Create secrets for the file provider
+printf "secret-value" >> "example/secret-file"
+printf "super-secret-value" >> "example/super-secret-value"
+
+#NOTE: Optionally you can set a mount path for the file provider by using the FILE_MOUNT_PATH environment variable.
+```
+
+### Prepare Vault provider
+```bash
+# Create a tokenfile
+printf $VAULT_TOKEN > "example/token-file"
+export VAULT_TOKEN_FILE=$PWD/example/token-file
+
+#NOTE: Secret-init can authenticate to Vault by supplying role/path credentials.
+
+# Create secrets for the vault provider
+vault kv put secret/test/mysql MYSQL_PASSWORD=3xtr3ms3cr3t
+vault kv put secret/test/aws AWS_ACCESS_KEY_ID=secretId AWS_SECRET_ACCESS_KEY=s3cr3t
+```
+
+## Define secrets to inject
+```bash
+# Export environment variables
+export FILE_SECRET_1=file:$PWD/example/secret-file
+export FILE_SECRET_2=file:$PWD/example/super-secret-value
+export MYSQL_PASSWORD=vault:secret/data/test/mysql#MYSQL_PASSWORD
+export AWS_SECRET_ACCESS_KEY=vault:secret/data/test/aws#AWS_SECRET_ACCESS_KEY
+export AWS_ACCESS_KEY_ID=vault:secret/data/test/aws#AWS_ACCESS_KEY_ID
+```
+
+## Run secret-init
+
+```bash
+# Build the secret-init binary
+go build
+
+# Use in daemon mode
+SECRET_INIT_DAEMON="true"
+
+# Run secret-init with a command e.g.
+./secret-init env | grep 'MYSQL_PASSWORD\|AWS_SECRET_ACCESS_KEY\|AWS_ACCESS_KEY_ID\|FILE_SECRET_1\|FILE_SECRET_2'
+```
+
+## Cleanup
+
+```bash
+# Remove files and binary
+rm -rd example/
+rm -rf secret-init
+
+# Remove the Vault instance
+make down
+
+# Unset the environment variables
+unset VAULT_TOKEN_FILE
+unset SECRET_INIT_DAEMON
+unset FILE_SECRET_1
+unset FILE_SECRET_2
+unset MYSQL_PASSWORD
+unset AWS_SECRET_ACCESS_KEY
+unset AWS_ACCESS_KEY_ID
+```