Merge pull request #22 from Asymmetrik/feature/region-specific-kms

Feature/region specific kms

config/manifest.js

@@ -69,14 +69,15 @@ v.addSchema(DeploymentCenterSchema);
  * Secret Settings.
  * @typedef {object} SecretSettings
  * @memberof Manifest
- * @property {string} name - name of deployment center to use or create. Must be unique within the deployment centers region.
- * @property {string} region - AWS Region to deployed this deployment center. Does not need to be the environment's region.
+ * @property {string} kmsKeyAlias - The key alias to use. Must be unique within the deployment centers region.
+ * @property {string} region - AWS Region the key alias resides in. Does not need to be the environment's region.
  */
 var SecretSettingsSchema = {
 	id: '/SecretSettings',
 	type: 'object',
 	properties: {
 		kmsKeyAlias: { type: 'string' },
+		region: { type: 'string' }
 	},
 	required: ['kmsKeyAlias'],
 	additionalProperties: false

lib/secret-tasks.js

@@ -20,13 +20,15 @@ var IAM = require('./iam-tools');
  * @param {string} options.DeploymentCenter.region - Deployment center region
  * @param {object} options.DeploymentCenter.secret - Secret options
  * @param {string} options.DeploymentCenter.secret.kmsKeyAlias - KMS Master Key Alias to encrypt/decrypt data
+ * @param {string} options.DeploymentCenter.secret.region - If the KMS Master Key is in a different region
  * @return {module.exports|Credstash}
  */
 function getCredentialStore(options){
 	var tableDetails = getCredentialTableDetails(options);
 	var store = new Credstash({
 		table: tableDetails.name,
 		awsOpts: { region: tableDetails.region },
+		kmsOpts: { region: options.DeploymentCenter.secret.region || tableDetails.region },
 		kmsKey: options.DeploymentCenter.secret.kmsKeyAlias,
 	});
 	store.__name = tableDetails.name;
@@ -193,9 +195,12 @@ exports.listSecrets = function(options){
 	return Q.when(options)
 		.then(function(){
 			var store = options.DeploymentCenter.secret.secretStore();
-
+			const secretPrefix = options.DeploymentCenter.secret._prefixKey('') + '/';
 			return store.listSecrets()
 				.then(function(list){
+					list = _.filter(list, function(secret) {
+						return _.startsWith(secret.name, secretPrefix);
+					});
 					if(list.length === 0)
 						logger.warn('There are no secrets you can see.');
 
@@ -279,5 +284,6 @@ exports.getEnvironmentVariables = function(options){
 		'__YADDA__DEPLOYMENT_SECRET_TABLE_REGION__': tableDetails.region,
 		'__YADDA__DEPLOYMENT_SECRET_PREFIX__': options.DeploymentCenter.secret._prefixKey(''),
 		'__YADDA__DEPLOYMENT_SECRET_KMSALIAS__': options.DeploymentCenter.secret.kmsKeyAlias,
+		'__YADDA__DEPLOYMENT_SECRET_REGION__': options.DeploymentCenter.secret.region || tableDetails.region
 	};
 };

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@asymmetrik/yadda",
   "description": "Deployment tool for AWS ECS and ECR",
-  "version": "0.2.6",
+  "version": "0.2.7",
   "main": "index.js",
   "author": "Asymmetrik, Ltd",
   "license": "MIT",
@@ -21,7 +21,7 @@
     "url": "https://github.com/Asymmetrik/yadda.git"
   },
   "dependencies": {
-    "@asymmetrik/yadda-secret": "^0.0.7",
+    "@asymmetrik/yadda-secret": "^0.0.8",
     "archiver": "^1.1.0",
     "aws-sdk": "^2.5.1",
     "commander": "^2.9.0",