secretly

command module
v0.0.0-...-38dbf55
Published: Jan 6, 2021 License: MIT Imports: 10 Imported by: 0

README

Add secrets from AWS Parameter Store to your environment. That's it.

Inspired by chamber but losing the bells and whistles -- secretly only performs reads from the parameter store -- and a little less opinionated about namespacing and parameter store usage.

usage

secretly runs the command passed to it with the variables defined in the SECRETLY_NAMESPACE of AWS' Parameter Store.

If SECRETLY_NAMESPACE is undefined, secretly just runs the command with the environment unchanged.

secretly [COMMAND...]
SECRETLY_NAMESPACE=MY_NAMESPACE secretly [COMMAND...]

For example, say you've stored the value mysecretpassword with the name /foo/bar/BAZ in the parameter store.

$ secretly env | grep BAZ
# nothing
$ export SECRETLY_NAMESPACE=foo/bar
$ secretly env | grep BAZ
BAZ=mysecretpassword

In addition, it's possible to specify multiple namespaces by separating them with commas in the SECRETLY_NAMESPACE variable. If a parameter is defined in multiple namespaces, the parameter from the right-most entry in the comma separated list of namespaces will be returned.

$ secretly env | grep APP
# nothing
$ export SECRETLY_NAMESPACE=common/dev,myapp/dev
$ secretly env | grep APP
APP_SHARED_API_KEY=mysecretpassword
APP_MYAPP_SECRET=mysecretpassword
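
The right-most-wins rule above, sketched as an added Go example (not secretly's own code). `fetch` stands in for the Parameter Store read, and the leading-slash normalization, the `APP_LOG_LEVEL` parameter and all values are constructed assumptions. It also reports which variables a later namespace shadowed, which is worth reviewing when the namespaces are writable by different people.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Param is one stored parameter: full path name and value.
type Param struct{ Name, Value string }

// Override records that namespace By replaced a variable first set by From.
type Override struct{ Var, From, By string }

// ParseNamespaces splits on commas and normalizes to "/a/b" (assumed form).
func ParseNamespaces(v string) []string {
	var out []string
	for _, ns := range strings.Split(v, ",") {
		if ns = strings.Trim(strings.TrimSpace(ns), "/"); ns != "" {
			out = append(out, "/"+ns)
		}
	}
	return out
}

// Merge applies namespaces left to right (right-most wins) and lists shadowing.
func Merge(nss []string, fetch func(ns string) []Param) (map[string]string, []Override) {
	env, owner := map[string]string{}, map[string]string{}
	var shadowed []Override
	for _, ns := range nss {
		for _, p := range fetch(ns) {
			key := path.Base(p.Name) // /common/dev/APP_X -> APP_X
			if prev, ok := owner[key]; ok && prev != ns {
				shadowed = append(shadowed, Override{key, prev, ns})
			}
			env[key], owner[key] = p.Value, ns
		}
	}
	return env, shadowed
}

// constructedStore is sample data standing in for Parameter Store.
func constructedStore(ns string) []Param {
	return map[string][]Param{
		"/common/dev": {{"/common/dev/APP_SHARED_API_KEY", "shared"}, {"/common/dev/APP_LOG_LEVEL", "info"}},
		"/myapp/dev":  {{"/myapp/dev/APP_MYAPP_SECRET", "app"}, {"/myapp/dev/APP_LOG_LEVEL", "debug"}},
	}[ns]
}

func main() { fmt.Println(Merge(ParseNamespaces("common/dev, myapp/dev"), constructedStore)) }
```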

Secretly is meant to have a very specific and lightweight purpose -- to be called from a Dockerfile. Add it to your Dockerfile, chmod +x it, and prefix your CMD or ENTRYPOINT with it -- CMD ["secretly", "run_myawesomeapp.sh"]. Check out the trivial example in example.Dockerfile.

Now:

$ docker build -f example.Dockerfile -t secretly-test .
$ docker run secretly-test | grep BAZ
# nada
$ docker run -e SECRETLY_NAMESPACE=foo/bar secretly-test | grep BAZ
# shit, auth error!
$ docker run -e SECRETLY_NAMESPACE=foo/bar -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY secretly-test | grep BAZ
BAZ=mysecretpassword

In ECS, provided you're using AWS IAM roles, the auth params won't be necessary.

building it

$ make test
$ make dist  # plops stuff in dist/
$ make clean  # cleans out dist

Any tagged commits will be built by Travis and published with artifacts.
