Run Collectors

Prerequisites

epack installed with -tags components
An epack.yaml with collectors configured
Collector credentials available either as environment variables or managed credential sets

1. Configure collectors in epack.yaml

Add collectors to your configuration file:

epack.yaml

            stream: myorg/prod

credential_sets:
  github_repo: credset_abc123

collectors:
  github:
    source: locktivity/epack-collector-github@^0.1.0
    config:
      organization: myorg
    credentials:
      - github_repo
    # For manual setups, use secrets instead:
    # secrets:
    #   - GITHUB_TOKEN

  aws:
    source: locktivity/epack-collector-aws@v1
    config:
      regions:
        - us-east-1
        - us-west-2
    secrets:
      - AWS_ACCESS_KEY_ID
      - AWS_SECRET_ACCESS_KEY
          

2. Set environment variables if needed

If you use manual secrets, export them before running collection. If you use managed credentials, epack resolves them through the configured broker at runtime.

            export GITHUB_TOKEN="ghp_xxxxxxxxxxxx"
export AWS_ACCESS_KEY_ID="AKIA..."
export AWS_SECRET_ACCESS_KEY="..."
          

3. Run collection

Run all collectors and build the pack:

epack collect

Expected output

Locking collectors...
  ✓ github locked to sha256:a1b2c3...
  ✓ aws locked to sha256:d4e5f6...

Syncing collectors...
  ✓ github synced
  ✓ aws synced

Running collectors...
  ✓ github (3 artifacts)
  ✓ aws (5 artifacts)

✓ Built evidence-2025-02-23-153000.epack
  Stream: myorg/prod
  Artifacts: 8

4. Sign the pack

epack sign packs/*.epack

Variations

Run a single collector

epack collector run --only github

Run in CI with locked versions

Use --frozen to fail if the lockfile doesn't match:

epack collect --frozen

Update collector versions

Re-resolve all collectors to their latest matching versions:

epack lock --all-platforms

Run individual steps

The collect command runs lock → sync → run → build. You can run these separately:

            epack lock              # Resolve versions to digests
epack sync              # Download collector binaries
epack collector run     # Execute all collectors
epack build out.pack ./artifacts/*
          

CLI Reference: collect — All flags and options
Config Reference: collectors — Full schema
Concepts: How collectors work — Architecture and security model
Automate in CI/CD — Run collectors in GitHub Actions