cyberark / summon-aws-secrets

Licence: MIT license
Summon provider for AWS Secrets Manager

Install

Use the auto-install script. This will install the latest version of summon-aws-secrets. The script requires sudo to place summon-aws-secrets in /usr/local/lib/summon.

curl -sSL https://raw.githubusercontent.com/cyberark/summon-aws-secrets/master/install.sh | bash

Otherwise, download the latest release and extract it to the directory /usr/local/lib/summon.

If you are running an Alpine-based system, you will need to add the libc6 compatibility package (apk add libc6-compat).

Variable IDs

Variable IDs are used as identifiers for fetching Secrets. These are made up of a secret name (required) and secret key path (optional).

The format used is my/secret/name#mysecretkeypath, where #mysecretkeypath is optional and only relevant when the value returned by my/secret/name alone is valid JSON.

secret name (required)

This is the AWS secret name, which must be ASCII letters, digits, or any of the following characters: /_+=.@-

secret key path (optional)

The secret key path provides access to top-level values inside secrets stored as valid JSON.

Example

Example secret JSON in AWS:

{
  "user-1": "password-1",
  "user-2": "password-2",
  "user-3": "password-3"
}

Use of summon-aws-secrets without secret key path:

$ summon-aws-secrets prod/aws/iam/user/robot/access_key_id
{ "user-1": "password-1", "user-2": "password-2", "user-3": "password-3"}

Use of summon-aws-secrets with secret key path:

$ summon-aws-secrets prod/aws/iam/user/robot/access_key_id#user-2
password-2
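
The variable ID handling described above, as an added Go example (not the provider's own code). `ParseVariableID` and `Resolve` are hypothetical names, the secret value is passed in instead of being fetched from AWS, and returning non-string JSON values as raw JSON is an assumption. The sample input in `main` is constructed from the README's example JSON.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Secret-name character set as stated in the README above.
var nameRE = regexp.MustCompile(`^[A-Za-z0-9/_+=.@-]+$`)

// ParseVariableID (hypothetical helper) splits "name#keypath". '#' is not a
// legal name character, so the first '#' always starts the key path.
func ParseVariableID(id string) (string, string, error) {
	name, key, found := strings.Cut(id, "#")
	if !nameRE.MatchString(name) {
		return "", "", fmt.Errorf("invalid secret name %q", name)
	}
	if found && key == "" {
		return "", "", fmt.Errorf("empty key path after '#'")
	}
	return name, key, nil
}

// Resolve applies the key path to an already-fetched value; errors never echo it.
func Resolve(id, raw string) (string, error) {
	_, key, err := ParseVariableID(id)
	if err != nil {
		return "", err
	}
	if key == "" {
		return raw, nil
	}
	var top map[string]json.RawMessage
	if json.Unmarshal([]byte(raw), &top) != nil {
		return "", fmt.Errorf("key path %q given but secret is not a JSON object", key)
	}
	v, ok := top[key]
	if !ok {
		return "", fmt.Errorf("key %q not present in secret", key)
	}
	var s string
	if json.Unmarshal(v, &s) == nil {
		return s, nil
	}
	return string(v), nil // assumption: non-string values come back as raw JSON
}

func main() { fmt.Println(Resolve("prod/aws/iam/user/robot/access_key_id#user-2", `{"user-2": "password-2"}`)) }
```

Keeping the secret value out of error messages matters here because a provider's stderr often ends up in CI logs.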

Usage in isolation

Give summon-aws-secrets a variable ID and it will fetch it for you and print the value to stdout.

$ # Configure credentials the same way as for the AWS CLI; see https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
$ summon-aws-secrets prod/aws/iam/user/robot/access_key_id
8h9psadf89sdahfp98

Flags

summon-aws-secrets supports a single flag.

  • -v, --version Output version number and quit

Usage as a provider for Summon

Summon is a command-line tool that reads a file in secrets.yml format and injects secrets as environment variables into any process. Once the process exits, the secrets are gone.

Example

As an example, let's use the env command.

Following installation, define your keys in a secrets.yml file:

AWS_ACCESS_KEY_ID: !var aws/iam/user/robot/access_key_id
AWS_SECRET_ACCESS_KEY: !var aws/iam/user/robot/secret_access_key

By default, summon will look for secrets.yml in the directory it is called from and export the secret values to the environment of the command it wraps.

Wrap the env command in summon:

$ # Configure credentials the same way as for the AWS CLI; see https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
$ summon --provider summon-aws-secrets env
...
AWS_ACCESS_KEY_ID=AKIAJS34242K1123J3K43
AWS_SECRET_ACCESS_KEY=A23MSKSKSJASHDIWM
...

summon resolves the entries in secrets.yml with the AWS Secrets Manager provider and makes the secret values available to the environment of the command env.

Configuration

This provider uses the same configuration pattern as the AWS CLI to connect to AWS.

Contributing

We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our contributing guide.