
Public documentation for boltopspro/secrets-manager


boltops-pro-docs/secrets-manager


NOTE: This repo contains only the documentation for the private BoltOps Pro repo code. Original file: https://github.com/boltopspro/secrets-manager/blob/master/README.md The docs are published so they are available for interested customers. For access to the source code, you must be a paying BoltOps Pro subscriber. If you are interested, you can contact us at contact@boltops.com or https://www.boltops.com

Secrets Manager CloudFormation Blueprint


This blueprint provisions a SecretsManager Secret. It is useful for testing out Secrets Manager and then cleaning up all the resources after testing.

Usage

  1. Add blueprint to Gemfile
  2. Configure: configs/secrets-manager values
  3. Deploy

Add

Add the blueprint to your lono project's Gemfile.

gem "secrets-manager", git: "git@github.com:boltopspro/secrets-manager.git"

Configure

First, set up the config files. Use lono seed to generate starter values quickly.

lono seed secrets-manager

The generated files in the configs/secrets-manager folder look something like this:

configs/secrets-manager/
├── params
│   └── development.txt
└── variables
    └── development.rb

Here's an example of the params file:

configs/secrets-manager/params/development.txt:

# Parameter Group: AWS::SecretsManager::Secret
# Description=
# KmsKeyId=
# Name=
# SecretString=

AWS recommends generating a random value for the secret and not hardcoding it with the SecretString property. We achieve that with the @generate_secret_string variable. Here's an example:

configs/secrets-manager/variables/development.rb:

@generate_secret_string = {
  SecretStringTemplate: '{"username":"test-user"}',
  GenerateStringKey: "password",
  PasswordLength: 30,
  ExcludeCharacters: '"@/\\'
}

Deploy

Use the lono cfn deploy command to deploy. Example:

lono cfn deploy secrets-manager --blueprint secrets-manager --sure

Configure Details

Stack Name Convention

By leveraging the lono Stack Name and CLI conventions, we can organize the config files in a way that matches the stack name. Example:

lono cfn deploy secret-1 --blueprint secrets-manager
lono cfn deploy secret-2 --blueprint secrets-manager

These commands will use the corresponding config files:

configs/secrets-manager/development/secret-1.txt
configs/secrets-manager/development/secret-2.txt

Using SecretString Instead

If you elect to use SecretString instead, you must set @generate_secret_string = nil. Example:

configs/secrets-manager/params/development.txt:

# Parameter Group: AWS::SecretsManager::Secret
SecretString=secret-value

configs/secrets-manager/variables/development.rb:

@generate_secret_string = nil
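
A pre-deploy check for the two rules above (prefer a generated secret over a hardcoded SecretString, and set @generate_secret_string = nil when SecretString is used), as an added example that is not part of the blueprint's code. The helper names parse_params and lint_secret_config are hypothetical, the sample inputs are constructed from the snippets on this page, and the rule that GenerateStringKey needs SecretStringTemplate is taken from the AWS GenerateSecretString documentation.

```ruby
require "json"

# Parse a lono params file body: KEY=VALUE lines, "#" lines are comments.
def parse_params(text)
  text.each_line.map(&:strip)
      .reject { |l| l.start_with?("#") || !l.include?("=") }
      .to_h { |l| l.split("=", 2) }
end

# Return a list of problems for one secret's params text and its
# @generate_secret_string value (a Hash, or nil when SecretString is used).
def lint_secret_config(params_text, generate)
  secret_string = parse_params(params_text)["SecretString"].to_s
  problems = []
  if !secret_string.empty? && generate
    problems << "SecretString is set but @generate_secret_string is not nil"
  end
  unless secret_string.empty?
    problems << "SecretString is hardcoded in the params file"
  end
  return problems unless generate

  template = generate[:SecretStringTemplate]
  if generate[:GenerateStringKey] && template.nil?
    problems << "GenerateStringKey requires SecretStringTemplate"
  end
  if template
    begin
      parsed = JSON.parse(template)
      problems << "SecretStringTemplate must be a JSON object" unless parsed.is_a?(Hash)
    rescue JSON::ParserError
      problems << "SecretStringTemplate is not valid JSON"
    end
  end
  problems
end

# Constructed sample inputs, modelled on the two configurations on this page.
GENERATED = { SecretStringTemplate: '{"username":"test-user"}',
              GenerateStringKey: "password", PasswordLength: 30,
              ExcludeCharacters: '"@/\\' }.freeze
COMMENTED_PARAMS = "# Parameter Group: AWS::SecretsManager::Secret\n# SecretString=\n"
HARDCODED_PARAMS = "# Parameter Group: AWS::SecretsManager::Secret\nSecretString=secret-value\n"

if __FILE__ == $PROGRAM_NAME
  # Mixed configuration: reports both the conflict and the hardcoded value.
  puts lint_secret_config(HARDCODED_PARAMS, GENERATED)
end
```

An empty result means the configuration follows the generated-secret path; run it in CI before lono cfn deploy so a hardcoded value is caught before it reaches the template.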
