christippett / ssm-parameter-store

Licence: MIT license
A simple Python library for getting values from AWS Systems Manager Parameter Store

SSM Parameter Store

Description

This is a simple Python wrapper for getting values from AWS Systems Manager Parameter Store.

The module supports getting a single parameter, multiple parameters or all parameters matching a particular path.

All parameters are returned as a Python dict.

Installation

Install with pip:

pip install ssm-parameter-store

Usage

Import the module and create a new instance of EC2ParameterStore.

from ssm_parameter_store import EC2ParameterStore

store = EC2ParameterStore()

AWS Credentials

ssm-parameter-store uses boto3 under the hood and therefore inherits the same mechanism for looking up AWS credentials. See configuring credentials in the Boto 3 documentation for more information.

EC2ParameterStore accepts all boto3 client parameters as keyword arguments.

For example:

from ssm_parameter_store import EC2ParameterStore

store = EC2ParameterStore(
    aws_access_key_id=ACCESS_KEY,
    aws_secret_access_key=SECRET_KEY,
    aws_session_token=SESSION_TOKEN,  # optional
    region_name='us-west-2'
)

Examples

Given the following parameters:

# set default AWS region
export AWS_DEFAULT_REGION=us-west-2

# add parameters
aws ssm put-parameter --name "param1" --value "value1" --type SecureString
aws ssm put-parameter --name "param2" --value "value2" --type SecureString

# add parameters organised by hierarchy
aws ssm put-parameter --name "/dev/app/secret" --value "dev_secret" --type SecureString
aws ssm put-parameter --name "/dev/db/postgres_username" --value "dev_username" --type SecureString
aws ssm put-parameter --name "/dev/db/postgres_password" --value "dev_password" --type SecureString
aws ssm put-parameter --name "/prod/app/secret" --value "prod_secret" --type SecureString
aws ssm put-parameter --name "/prod/db/postgres_username" --value "prod_username" --type SecureString
aws ssm put-parameter --name "/prod/db/postgres_password" --value "prod_password" --type SecureString

Get a single parameter

parameter = store.get_parameter('param1', decrypt=True)

assert parameter == {
   'param1': 'value1'
}

Get multiple parameters

parameters = store.get_parameters(['param1', 'param2'])

assert parameters == {
   'param1': 'value1',
   'param2': 'value2',
}

Get parameters by path

parameters = store.get_parameters_by_path('/dev/', recursive=True)

assert parameters == {
    'secret': 'dev_secret',
    'postgres_username': 'dev_username',
    'postgres_password': 'dev_password',
}

By default get_parameters_by_path strips the path from each parameter name. To return a parameter's full name, set strip_path to False.

parameters = store.get_parameters_by_path('/dev/', strip_path=False, recursive=True)

assert parameters == {
    '/dev/app/secret': 'dev_secret',
    '/dev/db/postgres_username': 'dev_username',
    '/dev/db/postgres_password': 'dev_password'
}

Get parameters with original hierarchy

You can also get parameters by path, but in a nested structure that models the path hierarchy.

parameters = store.get_parameters_with_hierarchy('/dev/')

assert parameters == {
    'app': {
        'secret': 'dev_secret',
    },
    'db': {
        'postgres_username': 'dev_username',
        'postgres_password': 'dev_password',
    },
}

By default get_parameters_with_hierarchy strips the leading path component. To return the selected parameters with the full hierarchy, set strip_path to False.

parameters = store.get_parameters_with_hierarchy('/dev/', strip_path=False)

assert parameters == {
    'dev': {
        'app': {
            'secret': 'dev_secret',
        },
        'db': {
            'postgres_username': 'dev_username',
            'postgres_password': 'dev_password',
        },
    },
}

Populating Environment Variables

The module includes a static method on EC2ParameterStore to help populate environment variables. This can be helpful when integrating with a library like django-environ.

Example

Given the following parameters:

aws ssm put-parameter --name "/prod/django/SECRET_KEY" --value '-$y_^@69bm69+z!fawbdf=h_10+zjzfwr8_c=$$&j@-%p$%ct^' --type SecureString
aws ssm put-parameter --name "/prod/django/DATABASE_URL" --value "psql://user:[email protected]:5432/db" --type SecureString
aws ssm put-parameter --name "/prod/django/REDIS_URL" --value "redis://redis-prod.edc1ba.0001.usw2.cache.amazonaws.com:6379" --type SecureString

import environ
from ssm_parameter_store import EC2ParameterStore

env = environ.Env(
    DEBUG=(bool, False)
)

# Get parameters and populate os.environ (region not required if the AWS_DEFAULT_REGION environment variable is set)
parameter_store = EC2ParameterStore(region_name='us-west-2')
django_parameters = parameter_store.get_parameters_by_path('/prod/django/', strip_path=True)
EC2ParameterStore.set_env(django_parameters)

# False if not in os.environ
DEBUG = env('DEBUG')

# Raises django's ImproperlyConfigured exception if SECRET_KEY not in os.environ
SECRET_KEY = env('SECRET_KEY')

DATABASES = {
    # reads os.environ['DATABASE_URL'] and raises an ImproperlyConfigured exception if not found
    'default': env.db(),
}

CACHES = {
    'default': env.cache('REDIS_URL'),
}
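
Stripped names keep only the last path component, so two parameters under different sub-paths that share a leaf name cannot both survive in one flat dict. The following is an added example, not part of ssm-parameter-store: the hypothetical helpers `flatten_checked` and `export_to_env` take a dict in the strip_path=False shape, reject ambiguous leaves and invalid variable names before anything reaches the environment, and keep parameter values out of error messages.

```python
import os
import re

# Letters, digits and underscore, not starting with a digit.
_ENV_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def flatten_checked(params):
    """Map full parameter names to leaf names, refusing ambiguous leaves."""
    flat, origin = {}, {}
    for full_name in sorted(params):
        leaf = full_name.rstrip("/").rsplit("/", 1)[-1]
        if leaf in flat:
            # Name both sources, never the secret values themselves.
            raise ValueError(
                f"leaf name {leaf!r} is ambiguous: {origin[leaf]} and {full_name}"
            )
        flat[leaf] = params[full_name]
        origin[leaf] = full_name
    return flat


def export_to_env(flat, environ=None, overwrite=False):
    """Copy validated parameters into `environ`; return the names that were set."""
    environ = os.environ if environ is None else environ
    written = []
    for name, value in flat.items():
        if not _ENV_NAME.fullmatch(name):
            raise ValueError(f"not a valid environment variable name: {name!r}")
        if name in environ and not overwrite:
            continue  # keep the value the process was started with
        environ[name] = str(value)
        written.append(name)
    return written


# Constructed sample input (not real parameters): two sub-paths share a leaf name.
SAMPLE_AMBIGUOUS = {
    "/prod/app/SECRET_KEY": "app-key",
    "/prod/worker/SECRET_KEY": "worker-key",
}
SAMPLE_OK = {
    "/prod/django/SECRET_KEY": "constructed-key",
    "/prod/django/REDIS_URL": "redis://cache.example.internal:6379",
}
```

With overwrite left at False, a variable already present in the process environment wins over the stored parameter, and the returned list shows which names were actually written.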

Related Projects

  • param-store – Python module to store secrets in secret stores
  • ssm-cache – AWS System Manager Parameter Store caching client for Python