Comments (3)
@jleclanche I personally think we will eventually need an abstraction layer on top of parameter store to manage where keys go in the parameter store and which keys services have access to. We have about 600 items in our production account's parameter store and this is a problem I've heard from the GCP folks too.
The way I see it. The easiest way to share keys is by giving more access to services using IAM. Creating a shared "bucket".
$ chamber write c api_key abcdef1234
And give each service access to this shared bucket. Then you can your program like this.
$ chamber exec a c -- run
This has the downside that there can be a lot of connections and it can be difficult to grok.
from chamber.
Interesting approach! I hear you on scaling the management of it; it doesn't help that stuff can't be deleted :) (#20)
I quite like the idea of having chamber be responsible for allowing services access to other secrets, though. If you have to give access to multiple services like this, your deployment ends up looking like chamber exec cloudflare stripe paypal sentry loggly rds redshift -- run
, it's a bit of a mess...
By the way, I'd be curious to hear whether you guys considered Credstash, which predates Chamber by quite a bit. It uses DynamoDB however; I'm not sure why chamber is the only one to use SSM Parameter Store though, I feel like I'm missing something about potential drawbacks to using it.
from chamber.
@jleclanche I'm like, 99.99% sure that parameter store is just AWS implementing credstash under the hood as an API.
from chamber.
Related Issues (20)
- CVE-2023-24538 - Go Lang 1.19.6 Critical Vulnerability HOT 1
- Please add renovatebot or dependabot to keep dependencies updated HOT 1
- Please consider dropping support for older golang versions like go1.15 and go1.16
- Please consider using GetParameter(s) instead of GetParametersByPath HOT 2
- Logger writes to stdout, messing up output HOT 2
- Chamber is not working with recommended AWS SSO config that uses sso-session HOT 15
- CVE-2023-29404 - Go Lang Critical Vulnerability HOT 1
- Feature request: No clobber of existing environment variables HOT 3
- Artifact upload is failing HOT 1
- CVE-2023-39323 - Go Lang Critical Vulnerability
- Allow using `CHAMBER_BACKEND` env variable to set the backend HOT 2
- Feature request: dry run mode to show full path and result of create/update
- Serialize YAML and JSON into string -> cannot unmarshal !!seq !!map into string HOT 9
- Origin of the name chamber HOT 2
- Add dockerfile golang version to dependabot config
- Feature request: Show key id in history output
- Update to aws-sdk-go-v2
- Incorrect escape of exclamation mark in export HOT 6
- `history` reports duplicate version numbers for Parameter Store key HOT 3
- Chamber crashes looking up AMIs HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from chamber.