Skip to content

square/password-rotation-lambda

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
3 branches 6 tags
Code

Latest commit

@daniel-nichter
daniel-nichter Merge pull request #9 from square/dependabot/go_modules/github.com/aw…
ffc5f63 Jan 17, 2023
Merge pull request #9 from square/dependabot/go_modules/github.com/aw… 
…s/aws-sdk-go-1.33.0

Bump github.com/aws/aws-sdk-go from 1.30.14 to 1.33.0
ffc5f63

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github/workflows
setup-test-workflow
May 10, 2020 05:07
db
Fix a log line
December 19, 2020 13:34
examples/rds
Update import paths to v2
November 2, 2020 15:25
test
Update import paths to v2
November 2, 2020 15:25
.gitignore
First commit
May 7, 2020 16:03
CHANGELOG.md
custom random password setter
May 10, 2021 11:45
CONTRIBUTING.md
Add CONTRIBUTING.md
May 10, 2020 10:24
LICENSE
First commit
May 7, 2020 16:03
README.md
Rename to password-rotation-lambda
August 5, 2020 10:13
event.go
First commit
May 7, 2020 16:03
go.mod
Bump github.com/aws/aws-sdk-go from 1.30.14 to 1.33.0
December 30, 2022 19:38
go.sum
Bump github.com/aws/aws-sdk-go from 1.30.14 to 1.33.0
December 30, 2022 19:38
rotate.go
Clean up debug
December 19, 2020 15:17
rotate_test.go
Remove cache
December 18, 2020 17:48
secret.go
custom random password setter
May 10, 2021 11:45
secret_test.go
custom random password setter
May 10, 2021 11:45

README.md

Password Rotation Lambda

password-rotation-lambda is an AWS Lambda function (in Go) that rotates database passwords using AWS Secrets Manager. Currently, it supports RDS for MySQL.

This package handles the four Secrets Manager rotation steps and database-specific password setting. Currently, it only supports RDS for MySQL. Your main.go imports this packages (which exports itself as rotate for short) and provides AWS sessions/clients and a SecretSetter to decode your secret string.

package main

import (
	"log"

	"github.com/aws/aws-lambda-go/lambda"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/rds"
	"github.com/aws/aws-sdk-go/service/secretsmanager"

	"github.com/square/password-rotation-lambda"
	"github.com/square/password-rotation-lambda/db/mysql"
)

func main() {
	// Start AWS session using env vars automatically set by Lambda
	sess, err := session.NewSession()
	if err != nil {
		log.Fatalf("error making AWS session: %s", err)
	}

	// Make password setter for MySQL (RDS)
	ps := mysql.NewPasswordSetter(mysql.Config{
		RDSClient: rds.New(sess),                   // RDS API client
		DbClient:  mysql.NewRDSClient(true, false), // RDS MySQL cilent (true=TLS, false=dry run)
	})

	// Make Rotator which is the Lambda function/handler
	r := rotate.NewRotator(rotate.Config{
		SecretsManager: secretsmanager.New(sess),
		PasswordSetter: ps,
	})

	// Run Rotator in Lambda, waiting for events from Secrets Manager
	lambda.Start(r.Handler)
}

More docs and examples to come.

About

Password rotation function for AWS Lambda and Secrets Manager

Topics

mysql golang aws-lambda password aws-rds aws-secrets-manager

Resources

Readme

License

Apache-2.0 license

Stars

14 stars

Watchers

7 watching

Forks

6 forks

Releases

6 tags

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages