Giter Site home page Giter Site logo

env-injector's Introduction

env-injector

A simple tool to inject credentials into environment variables from AWS Secrets Manager and/or Systems Manager Parameter Store.

Install

Download from releases.

How to use

Using meta config

# When your secrets manager and parameter store are configured as below,
$ aws secretsmanager get-secret-value --secret-id prd/db1 --query SecretString --output text
{"user":"alice","password":"foo"}
$ aws secretsmanager get-secret-value --secret-id prd/db2 --query SecretString --output text
{"user":"bob","password":"bar"}
$ aws ssm get-parameters-by-path --with-decryption --path /prod/wap
{
    "Parameters": [
        {
            "Type": "SecureString",
            "Name": "/prod/wap/SOME_OTHER_CONFIG",
            "Value": "hoge"
        }
    ]
}

# And meta config yaml is stored as below, 
$ aws ssm get-parameter --name /meta/prd/wap --query Parameter.Value --output text
- secret_name: prd/db1
  env_prefix: db1
  capitalize: true
- secret_name: prd/db2
  env_prefix: db2
  capitalize: true
- parameter_store_path: /prod/wap


# Then specify meta config,
$ export ENV_INJECTOR_META_CONFIG=/meta/prd/wap

# and exec your command via env-injector.
$ env-injector env 
DB1_USER=alice
DB1_PASSWORD=foo
DB2_USER=bob
DB2_PASSWORD=var
SOME_OTHER_CONFIG=hoge

Injecting form Secrets Manages

# When your secrets manager is configured as below,
$ aws secretsmanager get-secret-value --secret-id prd/db --query SecretString --output text
{"DB_USER":"scott","DB_PASSWORD":"tiger"}

# And specify your secret name
$ export ENV_INJECTOR_SECRET_NAME=prd/db

# Then exec your command via env-injector.
$ env-injector env | grep DB_
DB_USER=scott
DB_PASSWORD=tiger

Required IAM role policy is as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": [
                "arn:aws:secretsmanager:ap-northeast-1:123456789012:secret:prd/db-*"
            ]
        }
    ]
}

Injecting form Parameter Store

You can use hierarchical parameters and/or grouped parameters.

Injecting hierarchical parameters

# When your parameter store is configured as below,
$ aws ssm get-parameters-by-path --with-decryption --path /prod/wap
{
    "Parameters": [
        {
            "Type": "String",
            "Name": "/prod/wap/DB_USER",
            "Value": "scott"
        },
        {
            "Type": "SecureString",
            "Name": "/prod/wap/DB_PASSWORD",
            "Value": "tiger"
        }
    ]
}

# And specify parameter name path
$ export ENV_INJECTOR_PATH=/prod/wap

# Then exec your command via env-injector.
$ env-injector env | grep DB_
DB_USER=scott
DB_PASSWORD=tiger

Required IAM role policy is as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetParametersByPath"
            ],
            "Resource": [
                "arn:aws:ssm:ap-northeast-1:123456789012:parameter/prod/wap"
            ]
        }
    ]
}

Injecting grouped parameters

# When your parameter store is configured as below,
$ aws ssm get-parameters --with-decryption --names prod.wap.DB_USER prod.wap.DB_PASSWORD
{
    "InvalidParameters": [],
    "Parameters": [
        {
            "Type": "String",
            "Name": "prod.wap.DB_USER",
            "Value": "scott"
        },
        {
            "Type": "SecureString",
            "Name": "prod.wap.DB_PASSWORD",
            "Value": "tiger"
        }
    ]
}


# Set empty environment valiables.
$ export DB_USER=
$ export DB_PASSWORD=

# And specify parameter name prefix.
$ export ENV_INJECTOR_PREFIX=prod.wap

# Then exec your command via env-injector.
$ env-injector env | grep DB_
DB_USER=scott
DB_PASSWORD=tiger

Required IAM role policy is as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameters"
            ],
            "Resource": [
                "arn:aws:ssm:ap-northeast-1:123456789012:parameter/prod.wap.*"
            ]
        }
    ]
}

DEBUG

Set ENV_INJECTOR_VERBOSE=1

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.