New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Secrets in parameter store #100

Merged
merged 7 commits into from Nov 11, 2018

Conversation

Projects
None yet
1 participant
@lopopolo
Copy link
Owner

lopopolo commented Nov 11, 2018

Use SSM Parameter Store to store app secrets (database password and secret key).

Remove python-dotenv as a production dependency.

lopopolo added some commits Nov 5, 2018

[WIP] Secrets via Parameter Store
Working on macbook for local env.

Still to do:
- IAM permissions for app-local user
- prod
- cleanup
- kill dotenv
local env pulls secrets from SSM
On deck:

- SSM VPC endpoint for prod
- Figure out packer SSM permissions
Enable SSM in prod VPC
- Setup SSM endpoint for backend VPC.
- Add SSM permissions to app instance role.
Add iam instance profile to packer builder
Parameterize build parameters from terraform outputs using invoke

@lopopolo lopopolo merged commit 30e7c05 into master Nov 11, 2018

@lopopolo lopopolo deleted the secrets-in-parameter-store branch Nov 11, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment