feat: inject secrets

netlify · Jun 27, 2021 · 9eaaf2a · 9eaaf2a
1 parent 45031fd
commit 9eaaf2a
Show file tree

Hide file tree

Showing 8 changed files with 4,509 additions and 2,413 deletions.
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
@@ -9,16 +9,16 @@ on:
 jobs:
   build:
     runs-on: ${{ matrix.os }}
-    timeout-minutes: 30
+    timeout-minutes: 10
     strategy:
       matrix:
         os: [ubuntu-latest, macOS-latest, windows-latest]
-        node-version: [8.17.0, '*']
+        node-version: ['12', '*']
         exclude:
           - os: macOS-latest
-            node-version: 8.17.0
+            node-version: '12'
           - os: windows-latest
-            node-version: 8.17.0
+            node-version: '12'
       fail-fast: false
     steps:
       - name: Git checkout

diff --git a/.gitignore b/.gitignore
@@ -10,3 +10,4 @@ node_modules
 /coverage
 /build
 .vscode
+.env
diff --git a/README.md b/README.md
@@ -1,9 +1,64 @@
 [![Build](https://github.com/netlify/netlify-plugin-secrets-manager/workflows/Build/badge.svg)](https://github.com/netlify/netlify-plugin-secrets-manager/actions)
 [![Node](https://img.shields.io/node/v/@netlify/plugin-secrets-manager.svg?logo=node.js)](https://www.npmjs.com/package/@netlify/plugin-secrets-manager)
 
-# netlify-plugin-secrets-manager
+# Netlify Plugin Secrets Manager
 
-Update me!
+Inject secrets from AWS Secrets Manager into the Netlify build process.
+
+## Prerequisites
+
+- `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` set as build environment variables with proper permissions, e.g.
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "VisualEditor0",
+      "Effect": "Allow",
+      "Action": "secretsmanager:GetSecretValue",
+      "Resource": "arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-path>"
+    },
+    {
+      "Sid": "VisualEditor1",
+      "Effect": "Allow",
+      "Action": "secretsmanager:ListSecrets",
+      "Resource": "*"
+    }
+  ]
+}
+```
+
+> You can scope the `GetSecretValue` permission to a path, but the `ListSecrets` must be a wild card `*`
+
+## Usage
+
+You can install this plugin in the Netlify UI from this
+[direct in-app installation link](https://app.netlify.com/plugins/@netlify/plugin-secrets-manager/install) or from the
+[Plugins directory](https://app.netlify.com/plugins).
+
+You can also install it manually:
+
+From your project's base directory, use npm, yarn, or any other Node.js package manager to add the plugin to
+`devDependencies` in `package.json`.
+
+```bash
+npm install -D @netlify/plugin-secrets-manager
+```
+
+Then add the plugin to your `netlify.toml` configuration file:
+
+```toml
+[[plugins]]
+package = "@netlify/plugin-secrets-manager"
+```
+
+## Additional configuration
+
+- By default the plugin injects the secrets with a `AWS_SECRET_` prefix. You can override the default prefix using the
+  `AWS_SECRET_PREFIX` environment variable.
+- The plugin defaults to the `us-east-1` region. You can override the default region using the `AWS_DEFAULT_REGION`
+  environment variable.
 
 ## Contributors
 

diff --git a/netlify.toml b/netlify.toml
@@ -1,4 +1,5 @@
 [build]
+command = "echo $AWS_SECRET_SECRET_NAME"
 publish = "public"
 [[plugins]]
 package = "."