Option to use Secrets Manager instead of SSM Parameter Store for API Keys and CID

[elduds]

Looks like a great solution, however the use of SSM Parameter Store poses a few challenges for my use case.

• Doesn't support cross-account access, meaning parameters must exist in every account where the installation is to occur
• Doesn't support replication, meaning these parameters must also be set individually in every region Handling these secrets in pipelines deploying to multiple accounts and regions then becomes tricky.

AWS Secrets Manager Secret support both of the above capabilities, it would be great to have the option to use that instead.

• https://github.com/CrowdStrike/aws-ssm-distributor/blob/46bf4a77972ccb45c86413c57b1806bcda391c05/official-package/README.md?plain=1#L33

[ffalor]

Hey @elduds thanks for the feedback.

We are in a little code freeze while the rollout is finishing to ensure everything is working as expected. Once we are in a spot to start adding features we will have a look at this.

[ffalor]

Update: I've developed this. It is going through testing and review. Once merged it will be added into the next release which will happen this quarter. I'll update this issue when that happens/when it is planned.

[ffalor]

@elduds this is now an option. Version 2 of the CrowdStrike-FalconSensorDeploy automation document now supports secrets manager as a backend.

The documentation has been updated to show how to use secrets manager as the backend.

[elduds]

This is great @ffalor , thanks for the speedy turnaround! I will take a look