This project began as a shell script to invoke the kms-encryption decrypt
on the variables in the environment, looking for anything with a prefix of
"decrypt:", decrypting it using AWS KMS using the instance's profile, and
exporting the decrypted value back to the environment before exec to the
next command.
This is used as a Docker entrypoint for containers to be able to decrypt encrypted environment variables passed into it.
This project is a replacement for the ApplauseOSS/kms-encryption-toolbox
supplied shell script, decrypt-and-start.
It can be run as:
$ decrypt-and-start some other programIt can also take an optional flag to control the number of parallel workers:
$ decrypt-and-start -p 20 -- some other programTool can also assume other role for kms access
$ decrypt-and-start --assume-role arn:aws:iam::XXXXXXXXX:role/YYYY some other program