loading...
Cover image for How to use AWS SSM in offline mode for daily development.

How to use AWS SSM in offline mode for daily development.

aliakbar_salehi profile image Aliakbar Salehi ・1 min read

Nowadays lots of teams use AWS SSM to keep their secrets safe, But some times you need to run your app in local development machine without connecting to the AWS SSM.
In this Article I will try to Explain a simple solution to use your secrets in offline mode.

one of the common solution to use AWS SSM is injecting the secrets as environment variable in docker OS. Application can easily access to all variable and secrets which it needs. ssm-env.

Solution:

AWS CLI has a nice feature to fetch all secrets recursively (--recursive --with-decryption). we use it to fetch All secrets in our local development as a dotenv file.

#!/bin/sh

REGION=eu-west-1
PROFILE=default

AWS_SECRET_PATH="/secrets/service/TESTAPP/eu/staging/"         
SECRET_FILE_PATH="secrets/eu-staging.env"

currentDate=`date`

echo "# Last update = $currentDate" > $SECRET_FILE_PATH


(export AWS_REGION="$REGION"; export AWS_DEFAULT_REGION="$REGION"; aws --profile $PROFILE ssm get-parameters-by-path --path "${AWS_SECRET_PATH}" \
             --recursive --with-decryption \
             --output text --query "Parameters[].[Name,Version,Value]"  \
            | while read key version value  ; do echo "# version $version " >> $SECRET_FILE_PATH ; echo "${key##*/}=$value" >> $SECRET_FILE_PATH ;  done)

The result would be the eu-staging.env file

# Last update = Di 28 Jul 2020 17:26:08 CEST

# version 1 
DB_PASSWORD=Xrttrsdfseww
# version 2 
API_PASS=sdfsdflklhfs

The Date time on top of file shown you the last Update.

to run your app you could use dotenv-cli

dotenv -e secrets/eu-staging.env yarn start

you could easily extend this script to fetch all environment secrets based on your needs.

Aliakbar Salehi

Posted on by:

Discussion

pic
Editor guide