ssmwrap execute commands with output values loaded from AWS SSM Parameter Store to somewhere.
Supported output targets:
- environment variables
- files
$ ssmwrap \
-env 'path=/production/*' \
-file 'path=/production/ssl_cert,to=/etc/ssl/cert.pem,mode=0600' \
-- appDownload binary from releases
or
$ brew install handlename/tap/ssmwrapor
$ go install github.com/handlename/ssmwrap/v2/cmd/ssmwrap@latest$ ssmwrap -help
Usage of ssmwrap:
-env rule
Alias of rule flag with `type=env`.
-file rule
Alias of rule flag with `type=file`.
-retries int
Number of times of retry. Default is 0
-rule path
Set rule for exporting values. multiple flags are allowed.
format: path=...,type={env,file}[,to=...][,entirepath={true,false}][,prefix=...][,mode=...][,gid=...][,uid=...]
parameters:
path: [required]
Path of parameter store.
If path ends with no-slash character, only the value of the path will be exported.
If `path` ends with `/**/*`, all values under the path will be exported.
If `path` ends with `/*`, only top level values under the path will be exported.
type: [required]
Destination type. `env` or `file`.
to: [required for `type=file`]
Destination path.
If `type=env`, `to` is name of exported environment variable.
If `type=env`, but `to` is not set, `path` will be used as name of exported environment variable.
If `type=file`, `to` is path of file to write.
entirepath: [optional, only for `type=env`]
Export entire path as environment variables name.
If `entirepath=true`, all values under the path will be exported. (/path/to/param -> PATH_TO_PARAM)
If `entirepath=false`, only top level values under the path will be exported. (/path/to/param -> PARAM)
prefix: [optional, only for `type=env`]
Prefix for exported environment variable.
mode: [optional, only for `type=file`]
File mode. Default is 0644.
gid: [optional, only for `type=file`]
Group ID of file. Default is current user's Gid.
uid: [optional, only for `type=file`]
User ID of file. Default is current user's Uid.
-version
Display version and exitAll of command line options can be set via environment variables.
$ SSMWRAP_ENV='path=/production/*' ssmwrap ...is same as,
$ ssmwrap -env 'path=/production/*' ...You can set multiple options by add suffix like '_1', '_2', '_3'...
$ SSMWRAP_ENV_1='path=/production/app/*' SSMWRAP_ENV_2='path=/production/db/*' ssmwrap ...On v2, options flags are reformed.
Flags for output to environment variables are consolidated to -env flag.
# v1
$ ssmwrap \
-paths '/foo,/bar' \
-env-entire-path \
-- ...
# v2
$ ssmwrap \
-env 'path=/foo/*,entirepath=true' \
-env 'path=/bar/*,entirepath=true' \
-- ...
Flags for output to files are remaining as -file flag, but format is changed.
# v1
$ ssmwrap -file 'Path=/foo/value,Name=/path/to/file,Mode=0600' -- ...
# v2
$ ssmwrap -file 'path=/foo/value,to=/path/to/file,mode=0600' -- ...
Added new flag -rule that can be used for all type of output.
Flag -env and -file are alias of -rule flag.
# by -env and -file flag
$ ssmwrap \
-env 'path=/foo/*' \
-file 'path=/bar/value,to=/path/to/file' \
-- ...
# by -rule flag (same as above)
$ ssmwrap \
-rule 'type=env,path=/foo/*' \
-rule 'type=file,path=/bar/value,to=/path/to/file' \
-- ...
There are some tools to use values stored in AWS System Manager Parameter Store, but I couldn't find that manipulate values including newline characters correctly.
ssmwrap runs your command through syscall.Exec, not via shell, so newline characters are treated as part of a environment value.
ssmwrap.Export() fetches parameters from SSM and export those to envrionment variables.
Please check example.
see LICENSE file.
@fujiwara has gave me an idea of ssmwrap.
@handlename (https://github.com/handlename)