Add Scaladex badge to supply info on supported Scala versions #11

Merged
merged 1 commit into from
May 18, 2021
11 changes: 9 additions & 2 deletions README.md
@@ -1,10 +1,17 @@
play-secret-rotation
=========

_Rotating your [Application Secret](https://www.playframework.com/documentation/2.6.x/ApplicationSecret)
_Rotating your [Application Secret](https://www.playframework.com/documentation/2.8.x/ApplicationSecret)
on an active cluster of Play app servers_

More docs on how to do this:
[![play-secret-rotation artifacts](https://index.scala-lang.org/guardian/play-secret-rotation/play-v28/latest-by-scala-version.svg)](https://index.scala-lang.org/guardian/play-secret-rotation/play-v28/)

[![play-secret-rotation artifacts](https://index.scala-lang.org/guardian/play-secret-rotation/play-v27/latest-by-scala-version.svg)](https://index.scala-lang.org/guardian/play-secret-rotation/play-v27/)

[![play-secret-rotation artifacts](https://index.scala-lang.org/guardian/play-secret-rotation/play-v26/latest-by-scala-version.svg)](https://index.scala-lang.org/guardian/play-secret-rotation/play-v26/)


Detailed docs on how to use this library:

* [Using AWS Parameter Store](aws-parameterstore/README.md)
* ...but not with _AWS Secrets Manager_, because
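
Review bot: the three Scaladex badges added near the top of this README all carry the same alt text, `play-secret-rotation artifacts`, so when the SVG does not render (or in a screen reader) nothing distinguishes `play-v28` from `play-v27` or `play-v26`. Suggest naming the artifact in each alt text, for example `play-v28 artifacts`. Also worth confirming that linking the Application Secret docs at 2.8.x only is intended, given the badges cover the 2.6 to 2.8 artifacts.
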
27 changes: 22 additions & 5 deletions aws-parameterstore/README.md
@@ -1,7 +1,9 @@
Using AWS Parameter Store for Play Secret Rotation
=======

[![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.gu.play-secret-rotation/aws-parameterstore-sdk-v2_2.12/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.gu.play-secret-rotation/aws-parameterstore-sdk-v2_2.12)
[![play-secret-rotation artifacts](https://index.scala-lang.org/guardian/play-secret-rotation/aws-parameterstore-sdk-v2/latest-by-scala-version.svg)](https://index.scala-lang.org/guardian/play-secret-rotation/aws-parameterstore-sdk-v2/)

[![play-secret-rotation artifacts](https://index.scala-lang.org/guardian/play-secret-rotation/aws-parameterstore-sdk-v1/latest-by-scala-version.svg)](https://index.scala-lang.org/guardian/play-secret-rotation/aws-parameterstore-sdk-v1/)

There are three parts to this:
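
Review bot: the `aws-parameterstore-sdk-v2` and `aws-parameterstore-sdk-v1` badges added here under the title are added a second time, with identical URLs, in the new Dependencies section further down the same file. Suggest keeping them in one place, preferably the Dependencies list where they sit next to the "AWS SDK (v1 or v2)" label, so the two copies cannot drift apart.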

Expand Down Expand Up @@ -30,13 +32,28 @@ and when to begin switching over between the two) is fetched from AWS Parameter
with a short-lifetime, to ensure that soon after the AWS Parameter containing the secret is updated,
all app servers are ready to begin using it.

Add the library dependency (choose `aws-parameterstore-sdk-v1` or `aws-parameterstore-sdk-v2`
depending on what version of the AWS SDK for Java you want to use):
##### Dependencies

You'll need to add two library dependencies for `com.gu.play-secret-rotation` - one dependency specific
to your Play version, and another specific to your AWS SDK version:

* **Play** ... [![play-secret-rotation artifacts](https://index.scala-lang.org/guardian/play-secret-rotation/play-v28/latest-by-scala-version.svg)](https://index.scala-lang.org/guardian/play-secret-rotation/play-v28/)
[![play-secret-rotation artifacts](https://index.scala-lang.org/guardian/play-secret-rotation/play-v27/latest-by-scala-version.svg)](https://index.scala-lang.org/guardian/play-secret-rotation/play-v27/)
[![play-secret-rotation artifacts](https://index.scala-lang.org/guardian/play-secret-rotation/play-v26/latest-by-scala-version.svg)](https://index.scala-lang.org/guardian/play-secret-rotation/play-v26/)
* **AWS SDK** ([v1 or v2](https://docs.aws.amazon.com/sdk-for-java/latest/migration-guide/what-is-java-migration.html)) ... [![play-secret-rotation artifacts](https://index.scala-lang.org/guardian/play-secret-rotation/aws-parameterstore-sdk-v2/latest-by-scala-version.svg)](https://index.scala-lang.org/guardian/play-secret-rotation/aws-parameterstore-sdk-v2/)
[![play-secret-rotation artifacts](https://index.scala-lang.org/guardian/play-secret-rotation/aws-parameterstore-sdk-v1/latest-by-scala-version.svg)](https://index.scala-lang.org/guardian/play-secret-rotation/aws-parameterstore-sdk-v1/)

So, for example:

```scala
libraryDependencies += "com.gu.play-secret-rotation" %% "aws-parameterstore-sdk-v1" % "0.14"
libraryDependencies ++= Seq(
"com.gu.play-secret-rotation" %% "play-v28" % "0.x",
"com.gu.play-secret-rotation" %% "aws-parameterstore-sdk-v2" % "0.x",
)
```

##### Updating `ApplicationComponents` with the rotating secret

In your `ApplicationComponents`, mix-in `RotatingSecretComponents` and provide the `secretStateSupplier`
required by that trait:
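
Review bot: in the sbt snippet, `"0.x"` is not a resolvable version, so anyone pasting the example gets a failed dependency resolution, and the concrete `"0.14"` from the replaced line is gone with nothing saying where the real number comes from. Suggest a sentence or comment next to the snippet telling the reader to substitute the version shown on the badges above, and stating whether the `play-v28` and `aws-parameterstore-sdk-v2` artifacts must share the same version.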

Expand Down Expand Up @@ -119,6 +136,6 @@ Set the Lambda Execution role to have a policy like this:
}
```

Finally, use a AWS CloudWatch Scheduled Event to trigger the Lambda to run at regular intervals.
Finally, use an AWS CloudWatch Scheduled Event to trigger the Lambda to run at regular intervals.
The Lambda should not run more often than the `overlapDuration` defined in the `secretStateSupplier`
in your Play Server - every 6 hours with a 2 hour overlap will probably work well.