Closed ashuangiras closed 3 years ago
Thank you for your contribution @ashuangiras! I'll need to find some time to review it, so please don't be surprised if it takes a few weeks to get back to this.
Hello again @ashuangiras. As we discussed a while back, I think this change goes beyond the scope of this tool. It's a functionality that would only benefit users who are on Hashicorp.
I feel like this functionality would be best implemented in a separate tool (or maybe such a tool already exists).
Assuming such a tool exists (or if you build it yourself), my suggestion is to run the secret fetching job and then run ecr-login-renew job as usual after that. This could be in two separate cron jobs, or one with multiple steps.
Still, thank you very much for your suggestion. I greatly enjoy knowing people are using this tool and are thinking of ways to improve it.
Now AWS secrets can be accessed via a Vault instance by enabling or disabling Vault access using additional environment variables:

| Variable | Description |
| --- | --- |
| VAULT_ENBALE | If you want to enable Hashicorp vault for AWS secrets access |
| VAULT_ADDR | Hostname of the vault instance |
| VAULT_TOKEN | Vault token to access secrets |
| VAULT_SECRET_PATH | path to vault secret engine where AWS secrets are stored, the store must have secrets saved with default AWS secret environment variables name, i.e. AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION |
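The separate secret-fetching step suggested in the review, as an added example that is not code from this pull request or from ecr-login-renew: it takes the JSON body of a Vault KV read, fails closed if any of the three AWS variables named above is missing, and builds the environment for the renew step without the Vault token. The function names, the sample responses and the choice to drop `VAULT_TOKEN` are assumptions of this example; both KV response layouts (v1 flat, v2 nested under `data.data`) are handled.

```python
import json
import os

# Key names the PR description says the Vault secret must contain.
REQUIRED = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_REGION")


def extract_aws_env(vault_response: str) -> dict:
    """Return the AWS variables from a Vault KV read response (JSON text)."""
    body = json.loads(vault_response)
    data = body.get("data")
    if not isinstance(data, dict):
        raise ValueError("Vault response has no 'data' object")
    # KV v2 nests the secret under data.data beside data.metadata; KV v1 is flat.
    if isinstance(data.get("data"), dict) and "metadata" in data:
        data = data["data"]
    missing = [k for k in REQUIRED
               if not isinstance(data.get(k), str) or not data[k].strip()]
    if missing:
        # Report key names only, so secret values never reach the job log.
        raise ValueError("secret is missing: " + ", ".join(missing))
    return {k: data[k] for k in REQUIRED}


def child_env(aws_env: dict, parent=None) -> dict:
    """Environment for the renew step: parent env plus AWS vars, minus VAULT_TOKEN."""
    env = dict(os.environ if parent is None else parent)
    env.pop("VAULT_TOKEN", None)  # assumption: the renew step never needs it
    env.update(aws_env)
    return env


# Constructed sample responses (placeholder values, not real credentials).
_SECRET = {"AWS_ACCESS_KEY_ID": "EXAMPLE-ACCESS-KEY-ID",
           "AWS_SECRET_ACCESS_KEY": "example-secret-key",
           "AWS_REGION": "us-east-1"}
SAMPLE_KV2 = json.dumps({"data": {"data": _SECRET, "metadata": {"version": 3}}})
SAMPLE_KV1 = json.dumps({"data": _SECRET})
SAMPLE_INCOMPLETE = json.dumps({"data": {"AWS_ACCESS_KEY_ID": "EXAMPLE-ACCESS-KEY-ID",
                                         "AWS_SECRET_ACCESS_KEY": "example-secret-key"}})

if __name__ == "__main__":
    env = child_env(extract_aws_env(SAMPLE_KV2), parent={"VAULT_TOKEN": "t"})
    print(sorted(env))  # variable names only
```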