feat: Add usage examples

README.md

@@ -5,9 +5,23 @@
 
 **Minimalistic init system for containers injecting secrets from various secret stores.**
 
-## Usage
+## Features
 
-TODO
+
+- `Multi-provider support`: No need to explicitly specify the secret provider; instead, secrets are loaded based on environment variable references.
+- `Async loading`: Secrets are loaded asynchronously, enhancing speed and efficiency.
+- `Load without modification`: `Secret-init` replaces environment variable values, with values from secret providers, without modification.
+- `Renew secrets`: If `secret-init` is used in daemon mode, it will renew secrets in the background.
+
+| **Supported Providers**                                      | **Status**     |
+|--------------------------------------------------------------|----------------|
+| [HashiCorp Vault](https://www.vaultproject.io)               | ✅ Implemented |
+| [AWS Secrets Manager](https://aws.amazon.com/secrets-manager)| Upcoming       |
+
+## Getting started
+
+- `Secret-init` is designed for use with the [Kubernetes mutating webhook](https://bank-vaults.dev/docs/mutating-webhook/); however, it can also function as a standalone tool.
+- Take a look at some of the [examples](examples) that showcase the use of `secret-init`.
 
 ## Development
 

examples/README.md

@@ -0,0 +1,3 @@
+## Usage Examples
+
+Discover a range of examples that highlight the functionalities of **Secret-init**.

examples/secret-init-as-a-standalone-tool.md

@@ -0,0 +1,87 @@
+## Secret-init as a standalone tool
+**Multi-provider setup**
+
+## Prerequisites
+
+- Golang `>= 1.21`
+- Makefile
+- Docker compose
+
+## Environment setup
+
+```bash
+# Deploy a Vault instance
+make up
+```
+
+```bash
+# FILE PROVIDER SETUP
+
+# Create a folder for the example assets
+mkdir -p example
+
+# Create secrets for the file provider
+printf "secret-value" >> "example/secret-file"
+printf "super-secret-value" >> "example/super-secret-value"
+
+#NOTE: Optionally you can set a mount path for the file provider by using the FILE_MOUNT_PATH environment variable.
+```
+
+```bash
+# VAULT PROVIDER SETUP
+
+# Create a tokenfile
+printf $VAULT_TOKEN > "example/token-file"
+export VAULT_TOKEN_FILE=$PWD/example/token-file
+
+#NOTE: Secret-init can authenticate to Vault by supplying role/path credentials. 
+
+# Create secrets for the vault provider
+vault kv put secret/test/mysql MYSQL_PASSWORD=3xtr3ms3cr3t
+vault kv put secret/test/aws AWS_ACCESS_KEY_ID=secretId AWS_SECRET_ACCESS_KEY=s3cr3t
+
+#NOTE: If you would like to use secret-init in daemon mode to renew secrets in the background.
+
+#Set daemon mode
+
+export SECRET_INIT_DAEMON="true"
+```
+
+```bash
+# Export environment variables
+export FILE_SECRET_1=file:$PWD/example/secret-file
+export FILE_SECRET_2=file:$PWD/example/super-secret-value
+export MYSQL_PASSWORD=vault:secret/data/test/mysql#MYSQL_PASSWORD
+export AWS_SECRET_ACCESS_KEY=vault:secret/data/test/aws#AWS_SECRET_ACCESS_KEY
+export AWS_ACCESS_KEY_ID=vault:secret/data/test/aws#AWS_ACCESS_KEY_ID
+```
+
+## Run secret-init
+
+```bash
+# Build the secret-init binary
+go build
+
+# Run secret-init with a command e.g.
+./secret-init env | grep 'MYSQL_PASSWORD\|AWS_SECRET_ACCESS_KEY\|AWS_ACCESS_KEY_ID\|FILE_SECRET_1\|FILE_SECRET_2'
+```
+
+## Cleanup
+
+```bash
+# Remove files and binary
+rm -rd example/
+rm -rf secret-init
+
+# Remove the Vault instance
+make down
+
+# Unset the environment variables
+unset VAULT_TOKEN_FILE
+unset SECRET_INIT_DAEMON
+unset FILE_SECRET_1
+unset FILE_SECRET_2
+unset MYSQL_PASSWORD
+unset AWS_SECRET_ACCESS_KEY
+unset AWS_ACCESS_KEY_ID
+```

examples/secret-init-with-secrets-webhook.md

@@ -0,0 +1,3 @@
+## secret-init in combination with the secret injection webhook
+
+Usage examples can be found in the webhooks [documentation](https://bank-vaults.dev/docs/mutating-webhook/).