Closed mikesimons closed 5 years ago
Uff; I don't know how to please the travis godeps beastie. godep go test
works on my machine :(
Travis looks upset because all the vendor dependencies are now missing from the repo in this commit, maybe try re-installing them all to vendor + committing that?
Looks promising though, happy to see some docs on it and do a deeper dive on the PR and merge it in
I've added comments to op_aws.go
and documentation in doc/operator.md
with links to separate example docs that have more info on each including the stage / version stuff for secretsmanager, using aws roles / profiles and IAM permissions required.
This PR obviously introduces a dependency on the AWS SDK but also (transiently) jmespath/go-jmespath. The only other dep change was an update to jtolds/gls
because 1.12 broke it somehow (which meant tests were all broken).
If you'd like to see more docs on a specific area please let me know.
Thanks for your time 😃
/cc @geofffranks
:tada: Awesome! Thanks @geofffranks :tada:
Hey folks,
Wondering if you're interested in this feature? It adds
awsparam
/awssecret
operator that behaves like the vault operator except it's AWS ParameterStore and AWS SecretsManager.Basic usage looks like:
It implements a couple of extra bits as querystring type args. For instance, it's common for both paramstore and secretsmanager to contain JSON blobs so you can append
awssecret "some/secret/name/or/arn?key=some_key"
to extract a single field of that. Secretsmanager also has stages & versions so you could get the previous version of the field above likeawssecret "some/secret/name/or/arn?key=some_key&stage=AWSPREVIOUS
.Configuration of the AWS client is done through
AWS_PROFILE
/AWS_REGION
/AWS_ROLE
env vars.This PR is only code + tests but I can do the docs if you'd be interested in accepting it (otherwise we'll just keep a fork).