feat: ability to change AWS secret description
KiraLT committed Jan 18, 2022
1 parent df83af6 commit 963a47c
Showing 4 changed files with 11 additions and 4 deletions.
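--- a/README.md
+++ b/README.md
@@ -45,5 +45,6 @@ Then go to AWS Secrets dashboard and create a rotation rule for created secrets
 | CERTBOT_SERVER | Letsencrypt API url. | `https://acme-v02.api.letsencrypt.org/directory` |
 | CERTBOT_DIR | Temporary certbot directory where logs and generated certs will be stored. | `/tmp/certbot` |
 | AWS_SECRET_NAME | AWS secret name template, {domain} will be replaced with domain name. | `certbot-{domain}` |
+| AWS_SECRET_DESCRIPTION | AWS secret name description text. | `Auto generated SSL certificate by lambda-certbot` |
 
 Each DNS challenge plugin requires different configuration, check [documentation](https://eff-certbot.readthedocs.io/en/stable/using.html#dns-plugins) for more information.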
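--- a/app/handler.py
+++ b/app/handler.py
@@ -23,7 +23,10 @@ def handler(_event, _context):
         )
 
         upload_certs_as_secrets(
-            certs, name=settings.AWS_SECRET_NAME, secret_names=secret_names
+            certs,
+            name=settings.AWS_SECRET_NAME,
+            secret_names=secret_names,
+            description=settings.AWS_SECRET_DESCRIPTION
         )
     finally:
         shutil.rmtree(str(settings.CERTBOT_DIR), ignore_errors=True)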
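Review bot: The new keyword line `description=settings.AWS_SECRET_DESCRIPTION` has no trailing comma while the three lines above it do, so the next argument added to this call will touch two lines instead of one; write it as `description=settings.AWS_SECRET_DESCRIPTION,`. The same applies to `description=description` in the create_or_update_secret call in app/services/aws.py, where the surrounding keyword lines also end in commas. The body of handler starts before this hunk, so the rest of the try block is not visible here.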
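--- a/app/services/aws.py
+++ b/app/services/aws.py
@@ -10,7 +10,7 @@ def list_secret_names() -> list[str]:
 
 
 def upload_certs_as_secrets(
-    certs: list[Cert], name: str, secret_names: list[str] = None
+    certs: list[Cert], name: str, secret_names: list[str] = None, description: str = ''
 ) -> None:
     for cert in certs:
         name = name.format(domain=cert.domain)
@@ -19,11 +19,12 @@ def upload_certs_as_secrets(
             name=name,
             data={f.name: f.content for f in cert.files},
             secret_names=secret_names,
+            description=description
         )
 
 
 def create_or_update_secret(
-    name: str, data: dict[str, str], secret_names: list[str] = None
+    name: str, data: dict[str, str], secret_names: list[str] = None, description: str = ''
 ):
     secretsmanager = client("secretsmanager")
     secret_names = secret_names if secret_names is not None else list_secret_names()
@@ -37,6 +38,6 @@ def create_or_update_secret(
 
     secretsmanager.create_secret(
         Name=name,
-        Description=f"Auto generated SSL certificate by lambda-certbot",
+        Description=description,
         SecretString=json.dumps(data),
     )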
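Review bot: The new `description` parameter only reaches `create_secret` in the last hunk; the update path of create_or_update_secret (the branch between the second and third hunk, outside this view) does not appear to receive it, so changing AWS_SECRET_DESCRIPTION would leave every already-existing secret's description untouched, which is the case the commit title promises. If that branch calls `update_secret`, passing `Description=description` there as well would make the setting take effect for existing secrets. A short comment above the create call would also help operators judge what to put in the setting: `# Description is secret metadata returned by DescribeSecret/ListSecrets to anyone allowed to list secrets, independently of GetSecretValue; keep it free of anything sensitive.` The rewritten signature lines keep `secret_names: list[str] = None`, which type checkers reject; `Optional[list[str]] = None` states the intent (or `list[str] | None` if the file already opts into postponed annotations). The default `description: str = ''` also means any other caller of these two functions now creates secrets with an empty description instead of the previous fixed text, so it is worth confirming handler.py is the only caller.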
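--- a/app/settings.py
+++ b/app/settings.py
@@ -13,6 +13,7 @@ class Settings:
     CERTBOT_DIR: Path
     AWS_SECRET_NAME: str
     AWS_DEFAULT_REGION: str
+    AWS_SECRET_DESCRIPTION: str
 
 
 def read_env(name: str, required: bool = False, multi=False, default=None):
@@ -43,4 +44,5 @@ def read_env(name: str, required: bool = False, multi=False, default=None):
     CERTBOT_DIR=Path(read_env("CERTBOT_DIR", default="/tmp/certbot")).resolve(),
     AWS_DEFAULT_REGION=read_env("AWS_DEFAULT_REGION", required=True),
     AWS_SECRET_NAME=read_env("AWS_SECRET_NAME", default="certbot-{domain}"),
+    AWS_SECRET_DESCRIPTION=read_env("AWS_SECRET_DESCRIPTION", default="Auto generated SSL certificate by lambda-certbot"),
 )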
