Release 2.1.0

@lucasvieirasilva lucasvieirasilva released this 23 May 21:42
· 23 commits to master since this release
b29d073

[2.1.0] - 2022-05-23

Added

  • Add Tier property in the SSM parameter section. issue-27
  • Add support for AWS Encryption SDK. issue-28

Changed

  • Add Schema Validation for the SSM Parameters and Secrets Manager. issue-42

Nonfunctional

  • Migrate the project structure to use Poetry. issue-34

Migrate KMS API to AWS Encryption SDK

The AWS Encryption SDK is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It enables you to focus on the core functionality of your application, rather than on how to best encrypt and decrypt your data. The AWS Encryption SDK is provided free of charge under the Apache 2.0 license.

Full documentation: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html

Using the AWS Encryption SDK enables AWS Secrets CLI to encrypt data larger than 4KB.

Migration process

  1. Decrypt all SSM parameters and Secrets Manager secrets:

     aws-secrets decrypt -e dev.yaml --output dev.yaml --profile myprofile --region eu-west-1

  2. Update the YAML configuration to add the encryption_sdk key with the value aws_encryption_sdk:

     kms:
       arn: KMS_KEY_ARN
     encryption_sdk: 'aws_encryption_sdk'
     parameters:
       - name: myparametername
         value: "MySecretValueHere"
         type: SecureString
     secrets:
       - name: mysecretname
         value: "MySecretValueHere"

     Currently, the default value is boto3.

  3. Re-encrypt the YAML configuration file:

     aws-secrets encrypt -e dev.yaml --profile myprofile --region eu-west-1
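
The three steps above as a script for several configuration files, added here as an example and not part of the project's own tooling. The function names and the `.pre-migration` backup suffix are assumptions; the `aws-secrets` commands and flags are the ones shown in the steps.

```bash
#!/usr/bin/env bash
# Added example (not from the aws-secrets project). Function names and the
# .pre-migration suffix are hypothetical; CLI flags are taken from the steps above.

# Step 2: set the top-level encryption_sdk key. Replaces an existing
# top-level entry (such as boto3) or appends the key when it is absent.
set_encryption_sdk() {
  local file=$1 tmp
  tmp=$(mktemp "${file}.XXXXXX") || return 1
  awk -v line="encryption_sdk: 'aws_encryption_sdk'" '
    /^encryption_sdk:/ { if (!seen) print line; seen = 1; next }
    { print }
    END { if (!seen) print line }
  ' "$file" > "$tmp" && mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
}

migrate_file() {
  local file=$1 profile=$2 region=$3
  # Keep the still-encrypted original so a failed run can be rolled back.
  cp -p "$file" "${file}.pre-migration" || return 1
  # Step 1: decrypt in place. Until step 3 succeeds, the file holds plaintext.
  aws-secrets decrypt -e "$file" --output "$file" \
    --profile "$profile" --region "$region" || return 1
  set_encryption_sdk "$file" || return 1
  # Step 3: re-encrypt, now through the AWS Encryption SDK.
  aws-secrets encrypt -e "$file" --profile "$profile" --region "$region"
}

# Usage: migrate_all PROFILE REGION FILE...
migrate_all() {
  local profile=$1 region=$2 file
  shift 2
  for file in "$@"; do
    if ! migrate_file "$file" "$profile" "$region"; then
      echo "FAILED: $file may hold plaintext secrets;" \
           "restore ${file}.pre-migration before committing" >&2
      return 1
    fi
  done
}

# migrate_all myprofile eu-west-1 dev.yaml
```

The run stops at the first file that fails, so a partially migrated file is never followed by further decryptions.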