1.0.5 • Published 5 years ago

reliquary v1.0.5

Weekly downloads
-
License
ISC
Repository
-
Last release
5 years ago

Reliquary

Summary

This is an auxiliary tool to manage secrets in AWS Secrets Manager

It fetches the latest version of a secret and stores it locally to be edited.

The secrets can also be updated via the tool. The tool assumes the secrets are in JSON form, and performs validation before uploading. This avoids common errors when editing secrets directly in the AWS console.

Do not update the secrets by AWS Console it is prone to errors!

This tool automatically adds to the .gitignore an .secrets to avoid pushing the folder to GIT

Usage

You must have NodeJS 8 or superior installed on your machine.

The commands are:

Fetching secrets

npx reliquary --fetch-secrets -n <secret-name>

Fetching secrets with different region

npx reliquary --fetch-secrets -n <secret-name> -r <region>

Updating secrets by reading an local file

npx reliquary --update-secrets -n <secret-name> -p <path>

Listing versions of stored secrets, exhibits by default the last 10 records

npx reliquary --list-secrets

This should return something like this:

{ Versions: 
   [ { VersionId: '1d7ea461-066d-4e78-9c97-ccbbf27ba660',
       LastAccessedDate: '2019 - 05 - 13 T00: 00: 00.000 Z',
       CreatedDate: '2019 - 05 - 13 T13: 36: 40.566 Z' } ],
  NextToken: 'AAGWzGu7c3fnjy994XFY80EKjACAkQA3jPXB5sokoh0+PEQgQ+UY7OiiU0yt2WIfHhNLenRUW7cy1X+okG6qkgsEBvqO3kxmm7tzq+awLyWUPVF4wbmXVYdxYHXyiMMzGlR884DfhX3uYJU35BAAAXTkB6pAu5c2U71zGAskNco34Ev1O7GBIPqV56qjBXpWp1n6AAIUDPxgdfz2CkzbN21ZPO48aHkA4OTAyZmriB26wTerot72pgLSS6ze+3RZzk0BdFU/jmXO54g3b/GQetQKBD2X2CCvUfu6zo92gaar',
  ARN: 'arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>',
  Name: 'example' }

Check the CreatedDate and with the VersionId in hands, you can do the rollback with:

npx reliquary --rollback-secrets -n <secret-name> -i 5617687a-763b-4301-bb23-bda7dd49c3fe

CLI Options

-f, --fetch-secrets

Operation to fetch the secrets

The "AWSCURRENT" version is downloaded and stored at .secrets/current.json

-u, --update-secrets

Operation to update the secrets

A local backup is stored at .secrets/<secret-version-id>.json. The contents of .secrets/current.json are then uploaded to AWS.

-r, --region value

Parameter to set AWS Region, it is optional and defaults to us-east-1

-n, --secret-name value

The secret name on Secrets Manager

-p, --secret-path value

The secret file path containing the value of the secrets, this is required when using update

-v --verbose

The log is output in debug mode, with more information

-i --secret-version-id value

The secret version id, use list to show possible values, when using rollback this is required

aws-sdkcommanderwinston
@infinitebrahmanuniverse/nolb-reli@everything-registry/sub-chunk-2646
1.0.5

5 years ago

1.0.4

5 years ago

1.0.3

5 years ago

1.0.2

5 years ago

1.0.1

5 years ago

1.0.0

5 years ago