twpayne / chezmoi

Manage your dotfiles across multiple diverse machines, securely.
https://www.chezmoi.io/
MIT License

Support for AWS Secrets Manager #2216

Closed craiggwilson closed 2 years ago

craiggwilson commented 2 years ago

Is your feature request related to a problem? Please describe.

I have personal secrets in 1Password, but my company has secrets in AWS Secrets Manager. I'd like to have my dotfiles pull from both places natively. I know I could use the secret command line callout, but having something natively integrated is nice.

Describe the solution you'd like

I would like some template functions that allow for reading secrets from AWS Secrets Manager.

Describe alternatives you've considered

Could use the secret command callout, which is likely sufficient, but it's not native.

Additional context

If this is of interest, I have it working locally, just need to add documentation and figure out how to do testing, as not everyone who is running tests will have secrets in AWS...

It does take a dependency on the aws-go-sdk-v2, which might be a deal breaker if chezmoi doesn't want further dependencies. It is natively go, so it's just like any other dep.

twpayne commented 2 years ago

This would be a very nice addition, thank you. Please do open a PR.

The extra dependency is OK, as long as it does not massively increase the size of chezmoi's binary. chezmoi's binaries are currently about 30MB in size, and, as long as adding aws-go-sdk-v2 does not add more than, say, 10MB to the final size, it's OK.

#2062 is a good reference for the changes needed to add a new password manager.

twpayne commented 2 years ago

For tests, I agree it's hard to test, so feel free to skip adding tests unless there's a neat and easy way to do it (e.g. a mock AWS API endpoint that we can use). Just be very sure that the code works correctly :)
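The two things the thread leaves open are what the template functions would look like and how to test them without an AWS account. The Go program below is an added example written for this page; it is not chezmoi's code, not the PR the reporter has working locally, and it does not use the aws-sdk-go-v2 module the thread refers to (as "aws-go-sdk-v2"). The function names `awsSecretsManager` and `awsSecretsManagerRaw`, the `jsonClient` type and the `render` helper are all names chosen here. Instead of the SDK, `jsonClient` speaks the Secrets Manager JSON 1.1 wire format (POST with `X-Amz-Target: secretsmanager.GetSecretValue`, a `SecretId` body, `SecretString` in the reply, `__type` on errors) and omits SigV4 signing, so the same format can be served by an `httptest` mock, which is the "mock AWS API endpoint" idea from the last comment. A real implementation would keep the SDK client and point it at such a mock through its endpoint options; the mock's request and response shapes would not change. The secrets map is constructed sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"text/template"
)

// jsonClient speaks the Secrets Manager JSON 1.1 wire format to a fixed endpoint, minus
// the SigV4 request signing the real aws-sdk-go-v2 client adds, so the example runs offline.
type jsonClient struct {
	endpoint string
	http     *http.Client
}

func (c *jsonClient) GetSecretValue(secretID string) (string, error) {
	body, _ := json.Marshal(map[string]string{"SecretId": secretID})
	req, err := http.NewRequest(http.MethodPost, c.endpoint, strings.NewReader(string(body)))
	if err != nil {
		return "", err
	}
	req.Header.Set("Content-Type", "application/x-amz-json-1.1")
	req.Header.Set("X-Amz-Target", "secretsmanager.GetSecretValue")
	resp, err := c.http.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var out struct {
		SecretString string `json:"SecretString"`
		Type         string `json:"__type"` // only present on error responses
	}
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return "", err
	}
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("secretsmanager: %s", out.Type)
	}
	return out.SecretString, nil
}

// templateFuncs exposes the client as two template functions (names chosen for this example):
// awsSecretsManager returns SecretString verbatim, awsSecretsManagerRaw parses it as JSON so
// templates can pick fields out of JSON-valued secrets such as RDS credentials.
func templateFuncs(c *jsonClient) template.FuncMap {
	raw := func(id string) (interface{}, error) {
		s, err := c.GetSecretValue(id)
		if err != nil {
			return nil, err
		}
		var v interface{}
		err = json.Unmarshal([]byte(s), &v)
		return v, err
	}
	return template.FuncMap{"awsSecretsManager": c.GetSecretValue, "awsSecretsManagerRaw": raw}
}

// newMockSecretsManager serves a constructed secrets map in the real wire format,
// including the error shape for an unknown SecretId, so tests need no AWS credentials.
func newMockSecretsManager(secrets map[string]string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var in struct{ SecretId string }
		if r.Header.Get("X-Amz-Target") != "secretsmanager.GetSecretValue" || json.NewDecoder(r.Body).Decode(&in) != nil {
			http.Error(w, `{"__type":"InvalidRequestException"}`, http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/x-amz-json-1.1")
		if s, ok := secrets[in.SecretId]; ok {
			json.NewEncoder(w).Encode(map[string]string{"Name": in.SecretId, "SecretString": s})
			return
		}
		w.WriteHeader(http.StatusBadRequest)
		json.NewEncoder(w).Encode(map[string]string{"__type": "ResourceNotFoundException"})
	}))
}

// render executes a chezmoi-style template against srv; template.Must is fine for the fixed
// template literals used here. Errors from the template functions surface from Execute.
func render(srv *httptest.Server, tmpl string) (string, error) {
	client := &jsonClient{endpoint: srv.URL, http: srv.Client()}
	t := template.Must(template.New("dotfile").Funcs(templateFuncs(client)).Parse(tmpl))
	var buf strings.Builder
	err := t.Execute(&buf, nil)
	return buf.String(), err
}

func main() {
	srv := newMockSecretsManager(map[string]string{ // constructed sample data, not real secrets
		"corp/db": `{"user":"app","password":"hunter2"}`, "corp/api-token": "tok-abc123"})
	defer srv.Close()
	out, err := render(srv, "API_TOKEN={{ awsSecretsManager \"corp/api-token\" }}\n"+
		"DB_USER={{ (awsSecretsManagerRaw \"corp/db\").user }} DB_PASSWORD={{ (awsSecretsManagerRaw \"corp/db\").password }}\n")
	fmt.Printf("%serr=%v\n", out, err)
	_, err = render(srv, `{{ awsSecretsManager "missing" }}`)
	fmt.Println(err)
}
```

The mock checks the `X-Amz-Target` header and the request body rather than returning canned data for any request, so a test exercises the same request construction the real call would use, and the unknown-secret case shows the `__type` error path that a template author would hit with a mistyped secret name. A production version would add a per-run cache keyed on `SecretId`, since every `{{ awsSecretsManager ... }}` occurrence is otherwise a separate API call.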