Skip to content
/ pychamber Public

Hydrates secrets from AWS Systems Manager Parameter Store as environment variables for use in a callable program.

License

Apache-2.0 license
3 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

s7clarke10/pychamber

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.github
.github
 
 
pychamber
pychamber
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

pychamber

Chamber is a tool for managing secrets.

It's current implementation, hydrates secrets from AWS Systems Manager Parameter Store as environment variables for use in a callable program.

Installing

pip install .

Authentication

Chamber uses the AWS boto3 library for authentication to obtain the secrets from the AWS SSM Parameter Store.

You can use environment variables such as aws_access_key_id, aws_secret_access_key, and aws_session_token or AWS config files. Please ref to https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html

Authorization

It is a best practice to manage access the SSM parameter store via IAM Policies.

Please refer to the following page for more details around SSM access policies. https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html

Usage

To retrieve secrets from the SSM parameter store use the get_params switch which allows one or many parameters to be supplied and then pass them to an executing program.

Example:

chamber -get_params /meltano/tap-rest-api-msdk /meltano/target-snowflake -exec meltano run tap-rest-api-msdk target-snowflake

chamber -get_params /meltano/tap-rest-api-msdk /meltano/target-snowflake -priority_env_vars -exec meltano run tap-rest-api-msdk target-snowflake

get_params switch

You may supply one or many valid SSM Parameter store paths (each level of the hierarchy is separated by a slash). When specifying more that one path to parameters, separate each path by a space.

Note: The environment variables are not persisted in the shell. They are only available to the calling program minimising discovery.

priority_env_vars switch

Optional: Use existing env variables if they exist rather than incoming SSM Parameters. Default False

exec switch

Calls a sub-process to execute the given program. Chamber expects that the given program call is available in the PATH or is a fully qualified location to the executable.

Note: Chamber will capture the return result from the program which is executed and will return the result of the execution back to the shell.

Credits

The following people / projects are credited for pychamber project.

  1. segmentio . The authors of a full implementation of chamber in the Go language.

  2. Julian Libiseller-Egger for enhanced argpass features to allow all parameters to be passed to the executing program (even when they are switches). argpass.

  3. Bao Ngugen . Bao has a good medium article and code gist for retrieving parameters by a path in the AWS SSM Parameter Store.

About

Hydrates secrets from AWS Systems Manager Parameter Store as environment variables for use in a callable program.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 4

Correctly capturing return codes from executed programs Latest
Oct 7, 2023
+ 3 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages