feat: Add AWS Secrets Manager Store (#267)
danmactough committed Oct 14, 2020
1 parent fd7164f commit 0829349
Showing 10 changed files with 8,056 additions and 6 deletions.
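--- a/cmd/root.go
+++ b/cmd/root.go
@@ -46,10 +46,11 @@ const (
 )
 
 const (
-NullBackend = "NULL"
-SSMBackend = "SSM"
-S3Backend = "S3"
-S3KMSBackend = "S3-KMS"
+NullBackend = "NULL"
+SSMBackend = "SSM"
+SecretsManagerBackend = "SECRETSMANAGER"
+S3Backend = "S3"
+S3KMSBackend = "S3-KMS"
 
 BackendEnvVar = "CHAMBER_SECRET_BACKEND"
 BucketEnvVar = "CHAMBER_S3_BUCKET"
@@ -58,7 +59,7 @@ const (
 DefaultKMSKey = "alias/parameter_store_key"
 )
 
-var Backends = []string{SSMBackend, S3Backend, NullBackend, S3KMSBackend}
+var Backends = []string{SSMBackend, SecretsManagerBackend, S3Backend, NullBackend, S3KMSBackend}
 
 // RootCmd represents the base command when called without any subcommands
 var RootCmd = &cobra.Command{
@@ -70,13 +71,14 @@ var RootCmd = &cobra.Command{
 }
 
 func init() {
-RootCmd.PersistentFlags().IntVarP(&numRetries, "retries", "r", DefaultNumRetries, "For SSM, the number of retries we'll make before giving up")
+RootCmd.PersistentFlags().IntVarP(&numRetries, "retries", "r", DefaultNumRetries, "For SSM or Secrets Manager, the number of retries we'll make before giving up")
 RootCmd.PersistentFlags().DurationVarP(&minThrottleDelay, "min-throttle-delay", "", store.DefaultMinThrottleDelay, "For SSM, minimal delay before retrying throttled requests. Default 500ms.")
 RootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "", false, "Print more information to STDOUT")
 RootCmd.PersistentFlags().StringVarP(&backendFlag, "backend", "b", "ssm",
 `Backend to use; AKA $CHAMBER_SECRET_BACKEND
 null: no-op
 ssm: SSM Parameter Store
+secretsmanager: Secrets Manager
 s3: S3; requires --backend-s3-bucket
 s3-kms: S3 using AWS-KMS encryption; requires --backend-s3-bucket and --kms-key-alias set (if you want to write or delete keys).`,
 )
@@ -194,6 +196,8 @@ func getSecretStore() (store.Store, error) {
 }
 
 s, err = store.NewS3KMSStore(numRetries, bucket, kmsKeyAlias)
+case SecretsManagerBackend:
+s, err = store.NewSecretsManagerStore(numRetries)
 case SSMBackend:
 if kmsKeyAliasFlag != DefaultKMSKey {
 return nil, errors.New("Unable to use --kms-key-alias with this backend. Use CHAMBER_KMS_KEY_ALIAS instead.")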
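Review bot: The new `case SecretsManagerBackend:` in getSecretStore passes only `numRetries` and never inspects `kmsKeyAliasFlag`, so a user who supplies `--kms-key-alias` with this backend gets no error and, presumably, secrets encrypted under whatever key the store uses by default rather than the one requested. The SSM case directly below rejects the flag explicitly; the new case should do the same until the store accepts a key, e.g. `if kmsKeyAliasFlag != DefaultKMSKey { return nil, errors.New("Unable to use --kms-key-alias with this backend.") }` ahead of the constructor call. getSecretStore starts and ends outside the hunk, so how the alias is resolved earlier in the function is not visible here.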
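--- a/store/backendbenchmarks_test.go
+++ b/store/backendbenchmarks_test.go
@@ -77,6 +77,14 @@ func TestS3StoreConcurrency(t *testing.T) {
 benchmarkStore(t, s, []string{"foo"})
 }
 
+func TestSecretsManagerStoreConcurrency(t *testing.T) {
+if !benchmarkEnabled {
+t.SkipNow()
+}
+s, _ := NewSecretsManagerStore(10)
+benchmarkStore(t, s, []string{"foo"})
+}
+
 func TestSSMConcurrency(t *testing.T) {
 if !benchmarkEnabled {
 t.SkipNow()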
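Review bot: `s, _ := NewSecretsManagerStore(10)` in TestSecretsManagerStoreConcurrency discards the constructor error, so a failed session or credential setup would reach `benchmarkStore` with whatever `s` holds (possibly nil) and fail far from the actual cause. Check it instead: `s, err := NewSecretsManagerStore(10)` followed by `if err != nil { t.Fatal(err) }`. benchmarkStore is defined outside this hunk, so how it treats a nil store is not visible here.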