Many teams now use AWS SSM Parameter Store to keep their secrets safe, but sometimes you need to run your app on a local development machine without connecting to AWS SSM.
In this article I will explain a simple way to use those secrets in offline mode.
A common way to consume AWS SSM is to inject the secrets as environment variables into the container's OS, so the application can read every variable and secret it needs from its environment; ssm-env is one tool that does this.
Solution:
The AWS CLI can fetch every parameter under a path recursively and decrypt SecureString values on the way (--recursive --with-decryption). We use it to pull all the secrets for our local development into a dotenv file.
#!/bin/sh
set -eu
REGION=eu-west-1
PROFILE=default
AWS_SECRET_PATH="/secrets/service/TESTAPP/eu/staging/"
SECRET_FILE_PATH="secrets/eu-staging.env"
# The file will hold plaintext secrets: make it readable by the current user only.
umask 077
mkdir -p "$(dirname "$SECRET_FILE_PATH")"
currentDate=$(date)
echo "# Last update = $currentDate" > "$SECRET_FILE_PATH"
# Text output is tab-separated Name, Version, Value. The last variable of `read`
# receives the rest of the line, so values containing spaces survive, and -r keeps
# backslashes in values intact.
(export AWS_REGION="$REGION"; export AWS_DEFAULT_REGION="$REGION"; aws --profile "$PROFILE" ssm get-parameters-by-path --path "${AWS_SECRET_PATH}" \
--recursive --with-decryption \
--output text --query "Parameters[].[Name,Version,Value]" \
| while read -r key version value ; do echo "# version $version" >> "$SECRET_FILE_PATH" ; echo "${key##*/}=$value" >> "$SECRET_FILE_PATH" ; done)
The result is the eu-staging.env file:
# Last update = Di 28 Jul 2020 17:26:08 CEST
# version 1
DB_PASSWORD=Xrttrsdfseww
# version 2
API_PASS=sdfsdflklhfs
The timestamp at the top of the file shows when it was last refreshed. Because the file contains plaintext secrets, treat it like a credential: keep it out of version control (add secrets/*.env to .gitignore) and readable only by your own user.
To run your app you could use dotenv-cli:
dotenv -e secrets/eu-staging.env yarn start
You could easily extend this script to fetch the secrets for every environment you need.
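As an added example (not the article's script, and not part of any AWS tool), the following sh functions do the same Name/Version/Value-to-dotenv conversion as the loop above, but with the checks a practitioner would want: they refuse the silent key collisions that --recursive can cause once the path prefix is stripped, refuse keys that are not valid identifiers and values that dotenv dialects cannot represent unambiguously, quote values containing spaces or `#`, and write the file with mode 0600. The parameter names and values in SAMPLE_SSM_OUTPUT are constructed for the demo; in real use you pipe the aws ssm get-parameters-by-path command from the script above into write_env_file.

```shell
#!/bin/sh
# Added example: converts the tab-separated "Name<TAB>Version<TAB>Value" lines that
#   aws ssm get-parameters-by-path ... --output text --query "Parameters[].[Name,Version,Value]"
# prints into dotenv lines, with the checks the article's one-liner skips.
# SAMPLE_SSM_OUTPUT is constructed for the demo and is not real AWS output.

# ssm_to_dotenv: reads Name/Version/Value lines on stdin, prints dotenv lines on
# stdout. Exit status 1 if any line was rejected (the accepted lines are still printed).
ssm_to_dotenv() {
    seen=""
    rc=0
    tab="$(printf '\t')"
    while IFS="$tab" read -r name version value; do
        key="${name##*/}"   # same shortcut as the article: keep the last path component
        # A value containing a newline arrives here as a continuation line without a
        # numeric version field; refuse it instead of writing half a value.
        case "$version" in
            ''|*[!0-9]*) echo "rejected (malformed line, multi-line value?): $name" >&2; rc=1; continue ;;
        esac
        # Keys must be valid shell/dotenv identifiers.
        case "$key" in
            ''|[0-9]*|*[!A-Za-z0-9_]*) echo "rejected (bad key): $name" >&2; rc=1; continue ;;
        esac
        # --recursive flattens nested paths, so .../db/PASSWORD and .../cache/PASSWORD
        # would both become PASSWORD and the later one would silently win. Refuse.
        case " $seen " in
            *" $key "*) echo "rejected (collision on $key): $name" >&2; rc=1; continue ;;
        esac
        seen="$seen $key"
        # dotenv dialects disagree on how backslashes and double quotes are escaped
        # inside a quoted value; refuse those rather than guess.
        case "$value" in
            *'"'*|*'\'*) echo "rejected (unrepresentable value): $name" >&2; rc=1; continue ;;
        esac
        printf '# version %s\n' "$version"
        case "$value" in
            *[!A-Za-z0-9_./:@+-]*)
                # Spaces, '#', '=' and other punctuation: wrap in double quotes so a
                # dotenv parser does not stop at a '#' or trim the whitespace.
                printf '%s="%s"\n' "$key" "$value" ;;
            *)
                printf '%s=%s\n' "$key" "$value" ;;
        esac
    done
    return "$rc"
}

# write_env_file FILE: like the article's script, but the file is created with mode
# 0600 (the umask only applies inside this subshell) and the exit status is non-zero
# when any parameter was rejected. Reads the SSM text output on stdin.
write_env_file() (
    umask 077
    mkdir -p "$(dirname "$1")"
    echo "# Last update = $(date)" > "$1"
    ssm_to_dotenv >> "$1"
)

# Constructed sample of the AWS CLI text output (not real data). The third parameter
# collides with the first once the path prefix is stripped.
SAMPLE_SSM_OUTPUT="$(printf '/secrets/service/TESTAPP/eu/staging/DB_PASSWORD\t1\tXrttrsdfseww\n/secrets/service/TESTAPP/eu/staging/API_PASS\t2\tsdf sdf#lklhfs\n/secrets/service/TESTAPP/eu/staging/cache/DB_PASSWORD\t3\tother')"

# Demo: the two good parameters are printed, the collision is reported on stderr.
printf '%s\n' "$SAMPLE_SSM_OUTPUT" | ssm_to_dotenv || echo "some parameters were rejected; fix them in SSM before using the file" >&2
```

The collision check matters more than it looks: with the article's loop, two parameters that differ only in their sub-path produce two identical keys in the .env file, and which value the app sees depends on the dotenv library's handling of duplicates, not on anything you intended.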
Top comments (1)
In addition to using environment variables, I can recommend the tool github.com/dotenv-linter/dotenv-li... It's a lightning-fast linter for .env files, written in Rust.
Maybe it would be useful for you.