wallix / awless

A Mighty CLI for AWS
http://awless.io/
Apache License 2.0

Support for AWS Secrets Manager #205

Open Jeeppler opened 6 years ago

Jeeppler commented 6 years ago

Please add support for AWS Secrets Manager: https://aws.amazon.com/secrets-manager/

simcap commented 6 years ago

@Jeeppler Indeed, we intend to do it. I will probably do it along with a new tutorial on how to add AWS services to awless.

As always when integrating a new AWS service into awless, we need to think and extract where the value can be added compared to the regular AWS CLI and how we want to model things.

This issue will be updated according to the progress made.

Jeeppler commented 6 years ago

@simcap thanks.

The way I want to use secrets is by first creating secrets and then giving a specific service or services access to the secret. Basically, a one-to-many relationship between secret (one) and service (many). However, most of the time I want a secret to be only readable by a service, not writable. I also don't want a service to be able to enumerate (list) secrets which do not belong to it.

After the creation, I would like to be able to list the secret to service (user) mapping, for example:

secret name        service name
encryption secret  service a
                   service b

or

secret name        user name
encryption secret  user a
                   user b

I would also like to do the reverse lookup. Basically, be able to answer the question of how many secrets can be read (or written) by a service (or user).

Dumping all secrets for backup (disaster recovery) purposes would be nice. Dumping all secrets for a specific service (user) would be nice as well.

Furthermore, it would be nice to get a warning while trying to delete secrets which are used by other services. Maybe even cascading the secret deletion.

Keep in mind those are just some ideas. I could have totally misunderstood some things.
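
The access model asked for above (per-secret, read-only grants to a service, no enumeration of other secrets, a secret-to-principal table and the reverse lookup) can be checked against identity-based IAM policies, which is where such grants live. The Go program below is an added example written for this page, not awless code: it parses constructed IAM policy documents (the principal names, account id and secret ARN suffixes are made up), builds the secret-to-principal table, answers the reverse lookup, and flags any principal holding secretsmanager:ListSecrets, an action that has no resource-level scoping and therefore lets its holder enumerate every secret in the account.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed identity-based IAM policies keyed by principal name. Illustrative inputs only:
// account id, secret suffixes and principal names are made up; "Version" is omitted for brevity.
const arnPrefix = "arn:aws:secretsmanager:eu-west-1:111122223333:secret:"

var samplePolicies = map[string]string{
	"service-a": `{"Statement":[{"Effect":"Allow","Action":"secretsmanager:GetSecretValue",
	  "Resource":"` + arnPrefix + `encryption-secret-AbCdEf"}]}`,
	"service-b": `{"Statement":[{"Effect":"Allow",
	  "Action":["secretsmanager:GetSecretValue","secretsmanager:DescribeSecret"],
	  "Resource":["` + arnPrefix + `encryption-secret-AbCdEf","` + arnPrefix + `db-password-GhIjKl"]}]}`,
	"deployer": `{"Statement":[{"Effect":"Allow",
	  "Action":["secretsmanager:GetSecretValue","secretsmanager:PutSecretValue"],
	  "Resource":"` + arnPrefix + `db-password-GhIjKl"},
	  {"Effect":"Allow","Action":"secretsmanager:ListSecrets","Resource":"*"}]}`,
}

// stringList accepts both the scalar and the array form IAM allows for Action and Resource.
type stringList []string

func (s *stringList) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*s = stringList{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(s))
}

type statement struct {
	Effect           string
	Action, Resource stringList
}

type Access struct{ Read, Write bool } // what one principal may do with one secret

// secretName drops the ARN prefix and the 6-character random suffix Secrets Manager appends
// (a heuristic: a genuine name ending in "-xxxxxx" would be cut too). "*" passes through unchanged.
func secretName(arn string) string {
	name := arn[strings.LastIndex(arn, ":")+1:]
	if i := strings.LastIndex(name, "-"); i > 0 && len(name)-i == 7 {
		name = name[:i]
	}
	return name
}

// Grants builds secret -> principal -> Access from the Allow statements of identity policies and
// returns the principals able to enumerate secrets. Deny statements, conditions, resource policies
// and SCPs are not evaluated here; a wildcard Resource is kept verbatim as its own key.
func Grants(policies map[string]string) (map[string]map[string]Access, []string, error) {
	grants := map[string]map[string]Access{}
	var enumerators []string
	for principal, doc := range policies {
		var p struct{ Statement []statement }
		if err := json.Unmarshal([]byte(doc), &p); err != nil {
			return nil, nil, fmt.Errorf("%s: %w", principal, err)
		}
		for _, st := range p.Statement {
			if st.Effect != "Allow" {
				continue
			}
			for _, act := range st.Action {
				if act == "secretsmanager:ListSecrets" { // no resource-level scoping: reveals every secret's name
					enumerators = append(enumerators, principal)
				}
				read, write := act == "secretsmanager:GetSecretValue", act == "secretsmanager:PutSecretValue"
				if !read && !write {
					continue // DescribeSecret and other metadata-only actions are not tracked
				}
				for _, res := range st.Resource {
					name := secretName(res)
					if grants[name] == nil {
						grants[name] = map[string]Access{}
					}
					a := grants[name][principal]
					grants[name][principal] = Access{a.Read || read, a.Write || write}
				}
			}
		}
	}
	sort.Strings(enumerators)
	return grants, enumerators, nil
}

// SecretsFor is the reverse lookup: which secrets can this principal read, and which can it write?
func SecretsFor(grants map[string]map[string]Access, principal string) (read, write []string) {
	for secret, ps := range grants {
		if ps[principal].Read {
			read = append(read, secret)
		}
		if ps[principal].Write {
			write = append(write, secret)
		}
	}
	sort.Strings(read)
	sort.Strings(write)
	return read, write
}

func main() {
	grants, enumerators, _ := Grants(samplePolicies)
	fmt.Println(grants, "\ncan enumerate all secrets:", enumerators) // secret -> principal -> {Read Write}
}
```

Against the constructed input, service-a and service-b come out read-only on encryption-secret, deployer can read and write db-password, and deployer is the one principal that can enumerate all secrets. For a real account the policy documents would be fetched with the IAM GetPolicyVersion and GetRolePolicy APIs, and a complete answer would also have to evaluate Deny statements, Condition blocks and any resource policy attached to the secret itself, which this example deliberately leaves out.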

Aub-C commented 5 years ago

Any update on adding AWS Secrets Manager support?