The AWS Provider in Secret-init can load secrets from AWS Secrets Manager and AWS Systems Manager (SSM) Parameter Store as well. This provider interfaces with AWS's API, to fetch and load secrets.
- Golang
>= 1.21 - Makefile
- Access to AWS services
# Secret-init requires atleast these environment variables to be set properly
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY
export AWS_REGION# Export environment variables
export MYSQL_PASSWORD=arn:aws:secretsmanager:eu-north-1:123456789:secret:bank-vaults/test/mysql-ASD123
export SM_JSON=arn:aws:secretsmanager:eu-north-1:123456789:secret:bank-vaults/test/JSON-ASD123
export SSM_SECRET=arn:aws:ssm:eu-north-1:123456789:parameter/bank-vaults/test
# NOTE: Secret-init is designed to identify any secret-reference that starts with "arn:aws:secretsmanager:" or "arn:aws:ssm:"# Build the secret-init binary
make build
# Run secret-init with a command e.g.
./secret-init env | grep 'MYSQL_PASSWORD\|SM_JSON\|SSM_SECRET'
# JSON secrets are loaded as is:
# SM_JSON="{"firsts3cr3t":"s3cr3ton3","seconds3cr3t":"s3cr3ttwo"}"# Remove binary
rm -rf secret-init
# Unset the environment variables
unset MYSQL_PASSWORD
unset SM_JSON
unset SSM_SECRET