Skip to content
/ caddy-security-secrets-aws-secrets-manager Public

Caddy Security Secrets Plugin for AWS Secrets Manager Integration

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

greenpau/caddy-security-secrets-aws-secrets-manager

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

.github/workflows

.github/workflows

 
 

assets/config

assets/config

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

OWNERS

OWNERS

 
 

README.md

README.md

 
 

SECURITY.md

SECURITY.md

 
 

VERSION

VERSION

 
 

caddyfile.go

caddyfile.go

 
 

caddyfile_test.go

caddyfile_test.go

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

plugin.go

plugin.go

 
 

plugin_test.go

plugin_test.go

 
 

secrets.go

secrets.go

 
 

secrets_test.go

secrets_test.go

 
 

Repository files navigation

caddy-security-secrets-aws-secrets-manager

build docs

Caddy Security Secrets Plugin for AWS Secrets Manager Integration.

Table of Contents

Getting Started

AWS Secrets Manager

Please follow this doc to set up AWS IAM Policy, Rolem and Secrets.

Building Caddy

For secrets aws_secrets_manager directives to work, build caddy with the latest version of this plugin.

xcaddy build ... \
  --with github.com/greenpau/caddy-security-secrets-aws-secrets-manager@latest

Caddyfile Usage

Without Plugin

The following is a snippet of Caddyfile without the use of this plugin.

{
        security {
                local identity store localdb {
                        realm local
                        path /etc/caddy/users.json
                        user jsmith {
                                name John Smith
                                email jsmith@localhost.localdomain
                                password "bcrypt:10:$2a$10$iqq53VjdCwknBSBrnyLd9OH1Mfh6kqPezMMy6h6F41iLdVDkj13I6" overwrite
                                roles authp/admin authp/user
                        }
                }

                authentication portal myportal {
                        crypto default token lifetime 3600
                        crypto key sign-verify b006d65b-c923-46a1-8da1-7d52558508fe
                        enable identity store localdb
                }
        }
}

Plugin Configuration

Now, here is the configuration using secrets retrieved from AWS Secrets Manager:

{
	security {
		secrets aws_secrets_manager access_token {
			region us-east-1
			path authcrunch/caddy/access_token
		}

		secrets aws_secrets_manager users/jsmith {
			region us-east-1
			path authcrunch/caddy/users/jsmith
		}

		local identity store localdb {
			realm local
			path users.json
			user jsmith {
				name "secrets:users/jsmith:name"
				email "secrets:users/jsmith:email"
				password "secrets:users/jsmith:password" overwrite
				api_key "secrets:users/jsmith:api_key" overwrite
				roles authp/admin authp/user
			}
		}

		authentication portal myportal {
			crypto default token lifetime 3600
			crypto key sign-verify "secrets:access_token:value"
			enable identity store localdb
		}
	}
}

About

Caddy Security Secrets Plugin for AWS Secrets Manager Integration

Topics

aws security caddy-plugin aws-secrets-manager caddy2

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

v1.0.1 Latest
Jan 13, 2023

Packages

No packages published

Languages