Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #257.
KMS Region
This PR adds a new top-level command-line argument,
--kms-region
.Basic Usage
This argument allows users to set the region from which the
credstash
KMS Key should be read separately from the region in which thecredstash
DynamoDB Table is stored. This allowscredstash
to be used with DynamoDB Global Tables with minimal AWS configuration.Note that the KMS region can be specified for
keys
,list
anddelete
, but is not used since KMS is not needed for those commands.Saving the KMS Region
The KMS region can be saved by running
credstash setup --save-kms-region REGION
. This value is saved in~/.credstash
.KMS Region Resolution Order
--kms-region
command-line argument~/.credstash
If the KMS region is not explicitly specified, it takes the value of
region
, following the normal order of precedence:--region
command-line argumentAWS_DEFAULT_REGION
environment variable~/.aws/config
us-east-1
if no other region is specifiedLibrary Usage
This PR adds a new keyword argument,
kms_region
, togetSecret
,getAllSecrets
,putSecret
, andputSecretAutoVersion
.