binxio / cfn-secret-provider

A CloudFormation custom resource provider for deploying secrets and keys
Apache License 2.0

custom::secret resource password policy #35

Closed ragogitpub closed 4 years ago

ragogitpub commented 4 years ago

If I wanted to generate a secret that is according to a password policy with

  1. at least one lower case
  2. at least one upper case
  3. at least one of the special chars
  4. at least one number

How do I do it? Currently there is only the "alphabet" property on resource.

If there were alphabet1, alphabet2, alphabet3 etc. available then I could provide different alphabet sets. Is there some other workaround?

mvanholsteijn commented 4 years ago

Hi @ragogitpub, I have added the property Required, which allows you to specify the required alphabets:

      Alphabet: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_@#!
      Required:
        - Alphabet: abcdefghijklmnopqrstuvwxyz
          Count: 1
        - Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
          Count: 1
        - Alphabet: _@#!
          Count: 1

mvanholsteijn commented 4 years ago

Please use v1.1.1 of the provider.

mvanholsteijn commented 4 years ago

@ragogitpub are you happy with it?

ragogitpub commented 4 years ago

@mvanholsteijn I can't seem to get any special chars to show up in the secret.

      Alphabet: 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=[]{}|'
      Required:
        - Alphabet: 'abcdefghijklmnopqrstuvwxyz'
          Count: 1
        - Alphabet: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
          Count: 1
        - Alphabet: '0123456789'
          Count: 1
        - Alphabet: '!@#$%^&*()_-=[]{}|'
          Count: 1

Am I doing something wrong?

mvanholsteijn commented 4 years ago

Did you install version 1.1.1? The functionality was not available before. https://binxio-public-eu-central-1.s3.amazonaws.com/lambdas/cfn-secret-provider-1.1.1.zip

ragogitpub commented 4 years ago

I tried it with

aws s3 cp s3://binxio-public-us-east-1/lambdas/cfn-secret-provider-1.1.1.zip .

Let me try the version from eu-central-1 in case it's different.

mvanholsteijn commented 4 years ago

The versions are identical. Please check out my demo-stack, which shows it works. https://github.com/binxio/cfn-secret-provider/blob/master/cloudformation/demo-stack.yaml

If you are updating, please set RefreshOnUpdate to true.

Cheers,

Mark


ragogitpub commented 4 years ago

Sorry @mvanholsteijn, I had a stupid bug in my code. It works great. I appreciate the quick turnaround. Cheers and thanks, Mark.
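
A sketch of how a generator can satisfy a `Required` policy like the one posted in this thread, plus a checker that reports which rule a given secret breaks. This is an added example, not the provider's own code; the function names, the subset rule and `LENGTH = 30` are assumptions.

```python
import secrets

# Alphabet and Required values are the ones posted in the thread.
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=[]{}|"
REQUIRED = [
    {"Alphabet": "abcdefghijklmnopqrstuvwxyz", "Count": 1},
    {"Alphabet": "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "Count": 1},
    {"Alphabet": "0123456789", "Count": 1},
    {"Alphabet": "!@#$%^&*()_-=[]{}|", "Count": 1},
]
LENGTH = 30  # assumed value, not taken from the thread


def generate_secret(length, alphabet, required):
    """Hypothetical helper: draw the required characters first, fill the rest
    from the full alphabet, then shuffle so the required characters do not
    sit at predictable positions. All randomness comes from the OS CSPRNG."""
    needed = sum(r["Count"] for r in required)
    if needed > length:
        raise ValueError("required counts exceed secret length")
    for r in required:  # this example's own rule: Required must stay inside Alphabet
        if not set(r["Alphabet"]) <= set(alphabet):
            raise ValueError("required alphabet is not a subset of Alphabet")
    chars = [secrets.choice(r["Alphabet"]) for r in required for _ in range(r["Count"])]
    chars += [secrets.choice(alphabet) for _ in range(length - needed)]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def policy_violations(secret, alphabet, required):
    """Return a list of human-readable violations; an empty list means compliant."""
    problems = []
    stray = set(secret) - set(alphabet)
    if stray:
        problems.append(f"characters outside Alphabet: {sorted(stray)}")
    for r in required:
        have = sum(1 for c in secret if c in r["Alphabet"])
        if have < r["Count"]:
            problems.append(f"need {r['Count']} of {r['Alphabet']!r}, found {have}")
    return problems
```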