DEV Community: Fabio Ferreira

💍 aws-vault-lite: One AWS Secret to Rule Them All

Fabio Ferreira — Sat, 10 May 2025 01:25:29 +0000

This is a submission for the Amazon Q Developer "Quack The Code" Challenge: Exploring the Possibilities

What I Built

At my company, we still don’t have a proper tool to manage secrets. So, naturally, people come up with their own solutions—some of them not very secure.

I had the idea of using AWS Secrets Manager as a secure place to store our secrets. But there was a challenge:
We didn’t want to create a separate secret for every single thing. Some secrets might never even be used, and at $0.40 per secret, that adds up quickly.

Then I discovered that a single AWS Secret can store up to 64KB, which is more than enough for a bunch of simple strings.

That got me thinking...
What if I could build a secret manager using just one AWS Secret?

So I did it! :)

Introducing aws-vault-lite — a lightweight secret manager I built in just one night (with a hand from Amazon Q).

What is?
The Single Secret Design (SSD) is a cost-effective and flexible strategy for managing secrets in AWS Secrets Manager. Instead of creating individual secrets for every credential or config item, SSD consolidates all secrets for a single department (e.g., CloudOps, Networking, Infra) into one structured JSON secret, significantly reducing monthly costs and improving manageability.

That was a pretty polite intro, wasn’t it?
But hey, this is going on my GitHub, so I had to make it sound somewhat professional. 😅
(You know, for the future me, recruiters, and curious developers judging my README skills.)

Demo

This what you could expect from the app.

Code Repository

Try it at:
https://github.com/fabiocore/aws-vault-lite

How I Used Amazon Q Developer

I always like to start with a file that gives some context to the LLM, so I created the repo and added a README.md file first.

The README.md gives a high-level overview of what we’re about to build — what it is, what it does, and why it’s useful. No implementation details yet, just the big picture.

It ended up being pretty short — about a page and a half. Just enough to set the stage.

Now let me show you my PROMPT skills... 😅

1st PROMPT

> Let's create the project in this folder.
First of all, take a look in the README.md file and make a resume of what do you understand about it.

Based on the README.md file, I understand that this project is about implementing the Single Secret Design (SSD) pattern for AWS Secrets Manager. Here's a summary of the key
points:

Purpose: SSD is a cost-effective approach to manage secrets in AWS Secrets Manager by consolidating multiple credentials into a single JSON secret per department.
Structure: Each secret is organized as a JSON object where:
• Keys represent systems or tools (like "argocd-staging" or "terraform-provisioner")
• Values are flexible objects containing credentials (username, password, URL, etc.)
Benefits:
• Cost efficiency: Reduces the $0.40/secret/month pricing by using fewer secrets
• Security: Maintains centralized encryption with IAM access control
• Flexibility: No rigid schema requirements
• Simplicity: Easy integration with AWS SDKs and CLI
• Scalability: Can store many credentials (up to 64KB) in a single secret
Use Cases: Designed for teams like CloudOps, Infrastructure, and Networking to store various credentials for tools, systems, and services.

It seems the project "aws-vault-lite" will likely be a tool to implement this Single Secret Design pattern, providing a simpler interface to manage these consolidated secrets
in AWS Secrets Manager.

Would you like me to help you set up the initial project structure based on this understanding?

2nd PROMPT

> ok, we will use Python to create it, but I would like to do something graphical, simple but graphical, not cli.
what do you recommend me to use?

For a simple graphical Python application to implement the Single Secret Design pattern, I'd recommend using one of these frameworks:

Tkinter - Built into Python's standard library, making it easy to get started without additional dependencies. It's lightweight and works well for simple interfaces.
PyQt5/PySide6 - More modern-looking UI with comprehensive widgets. Good for creating professional applications with more complex interfaces.
Kivy - Cross-platform framework that works well on desktop and mobile, though it has a steeper learning curve.
CustomTkinter - A modern-looking extension of Tkinter with better-looking widgets and themes.

For this project, I'd recommend either Tkinter or CustomTkinter since:
• They're lightweight and perfect for simple applications
• Easy to learn and implement
• CustomTkinter gives a more modern look while maintaining Tkinter's simplicity
• Both are well-suited for creating forms and interfaces to manage JSON data

Would you like me to help you set up a basic structure using one of these frameworks? CustomTkinter would give you a more modern look with minimal additional complexity.

3rd PROMPT

> ok, lets try CustomTkinter.
What I expect from this app:

The user will execute python3 aws-vault-lite.py and a interface will be loaded.
The interface will use the env variables AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN(if exists)
If the secret /aws-vault-lite/vault doesn't exist, the app will ask the user to create it.
If it already exists the app will open and the user will see the secrets names on the left and the values on the center/center-right.
The user can add new items, the attributes are flexible, the secret name is mandatory.
Password values are hidden by default and a text 'show hidden' is available for the user to show all hidden contents in that secret.
The user should confirm before deleting a secret.

Think step by step, think hard, give me an overview of you deployment plan and how the interface will look like at your perspective right now. Wait my agreement before creating the code.

The response from Amazon Q was...

I'll design a CustomTkinter application for the aws-vault-lite project based on your requirements. Let me think through this step by step.

Deployment Plan

1. Project Setup

• Create the main Python file aws-vault-lite.py
• Set up dependencies (CustomTkinter, boto3 for AWS interaction)
• Create a requirements.txt file

2. AWS Authentication

• Read AWS credentials from environment variables
• Implement AWS Secrets Manager client initialization
• Add error handling for missing credentials

3. Secret Management

• Function to check if /aws-vault-lite/vault exists
• Create secret functionality if it doesn't exist
• Load secret data if it exists
• Functions for CRUD operations (Create, Read, Update, Delete)

4. UI Components

• Main window with split layout
• Left panel: List of secret names (keys)
• Right panel: Form to view/edit secret details
• Add/Edit/Delete buttons
• Password field handling with show/hide functionality
• Confirmation dialogs for destructive actions

5. Data Handling

• JSON parsing and formatting
• Data validation
• Error handling

Interface Design

Key UI Features:

Left Panel: Scrollable list of secret names
Right Panel: • Secret name field • Dynamic attribute fields (key-value pairs) • Password fields masked with dots and individual "Show" buttons • Button to add new attributes
Bottom Controls: • Add new secret • Save changes to current secret • Delete current secret (with confirmation)

User Flow:

App starts, checks AWS credentials
Checks if /aws-vault-lite/vault exists • If not, shows dialog to create it • If yes, loads secret data
User can select secrets from the left panel
Selected secret details appear in the right panel
User can edit values, add/remove attributes
Changes are saved to AWS when "Save" is clicked
Confirmation dialog appears for destructive actions

Does this approach align with your vision for the application? Would you like me to make any adjustments before I start creating the code?

4th PROMPT

> how it will look like to add a new secret? can you describe/design for me?

When adding a new secret in the AWS Vault Lite application, here's how the interface would look and function:

Adding a New Secret - Interface Design

When the user clicks the "+ Add Secret" button at the bottom of the main window, a new view would appear in the right panel:

Process Flow:

Initial State:
• The right panel clears and shows a form with:
• Required "Secret Name" field (marked with )
• One initial attribute row with key-value fields
• A lock/unlock toggle button (🔒) next to value fields to mark as password
• "+ Add Another Attribute" button
Adding Attributes:
• When the user clicks "+ Add Another Attribute", a new row appears:

Key: [________]
Value: [________] [🔒]

• Each row also gets a small "X" button to remove that attribute

Marking Password Fields:
• Clicking the lock icon (🔒) marks that value as a password field
• Password fields will be displayed as dots (•••••) when viewing later
Validation:
• The "Save" button is disabled until the required Secret Name is filled
• Secret names must be unique (validation against existing names)
• Empty attribute rows are ignored when saving
Saving:
• When the user clicks "Save", the application:
• Validates all inputs
• Creates a new entry in the JSON structure
• Updates the AWS secret
• Adds the new secret name to the list on the left
• Shows the newly created secret details
Cancellation:
• "Cancel" button clears the form and returns to the previously selected secret
• Or shows empty state if no secrets exist

This design provides a simple, intuitive way for users to add new secrets with flexible attributes while ensuring the required information is provided.

After that, I asked for the first draft — but it turns out the result was pretty much perfect on the first try!
Honestly, I’m impressed! 🎯✨

Done

I ran into a few issues while installing the dependencies on my machine (because of course I did 😅).
Amazon Q helped fix some minor problems related to loading environment variables and setting the default region — just small tweaks overall.

Now it’s working like a charm, and honestly, it feels like a great fit for small teams.

It still needs a few perks — like the ability to select a specific key, and maybe even support for password-based encryption so multiple teams can safely share secrets within a single AWS account.

Feel free to fork it and ask Amazon Q to tweak it to your needs. That’s what I did, and look how far we got! 😄🔧

That’s all, folks! Thanks for reading — and may your secrets always stay secret. 🕵️‍♂️🔐

Pac-Ghost - A battle-royale style maze game inspired by Pac-Man

Fabio Ferreira — Tue, 06 May 2025 00:46:22 +0000

This is a submission for the Amazon Q Developer "Quack The Code" Challenge: That's Entertainment!

What I Built

Pac-Ghost turns the classic maze into a battle-royale: you're the blue ghost competing against nine colorful AI ghosts.

You must level up "eating/killing" the random PacMan's that appears in the maze. When you kill a PacMan in the maze you will level up; if your level is higher than other ghosts level, you can kill them too; if your level is the same as other ghost, both are killed.

Win who is the last ghost stand in the maze.

Demo and Code Repository

Use Python and PyGame to run it, fly to:
https://github.com/fabiocore/pac-ghost

How I Used Amazon Q Developer

In the project's directory I've created a file called GAME.md and used the feature of 'Context management and profiles' of Amazon Q (https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/command-line-context-profiles.html) to add the file.

The GAME.md file has some guidance for the Amazon Q on what is the project is, about the game, how I would like the game to be and other things like mechanics, look and feel and etc.

1st PROMPT

Let's create a new Game using PyGame.
Use the context(GAME.md file) to understand what we will gonna build.
Plan first, Think step by step, think hard.

The response from Amazon Q was:

-- Response for the #1 PROMPT
I'll help you create the Pac-Ghost game using PyGame based on the information in the GAME.md file. Let's plan this step by step.

Game Planning for Pac-Ghost

1. Game Overview

Pac-Ghost is a battle-royale style maze game where:
• 10 ghosts (1 player, 9 AI) compete to be the last one standing
• Ghosts level up by consuming stationary PacMan characters
• Higher level ghosts can eliminate lower level ones
• Equal level ghosts eliminate each other

2. Core Components

A. Game Structure

Main game loop
State management (menu, gameplay, game over)
Rendering system
Input handling
Collision detection

B. Game Elements

Maze generation
Ghost entities (player and AI)
PacMan spawning system
Level and speed progression
Collision rules implementation

3. Implementation Plan

Let's break down our implementation into manageable steps:

Project Setup
• Create directory structure
• Initialize PyGame
• Set up basic game loop
Maze Generation
• Procedural maze generator (25-35 tiles square)
• Ensure at least 60% walkable area
• Add warp tunnels on edges
Entity Creation
• Ghost class (player and AI)
• PacMan class
• Level and speed attributes
Game Mechanics
• Movement system (grid-locked with tweening)
• PacMan spawning timer
• Collision detection and rules
• Level progression
AI Implementation
• Pathfinding with A*
• Decision making (target PacMan or weaker ghosts)
• Movement execution
Graphics and UI
• Ghost sprites with level indicators
• PacMan sprites
• Maze rendering
• Death animation effects
Audio System
• Sound effects for pickups
• Sound effects for ghost eliminations
Game States
• Main menu
• Gameplay
• Spectator mode
• Victory/defeat screen

4. File Structure

Let's organize our project with this file structure:

pac-ghost/
├── main.py # Entry point
├── game/
│ ├── init.py
│ ├── constants.py # Game constants
│ ├── game.py # Main game class
│ ├── maze.py # Maze generation
│ ├── entities/
│ │ ├── init.py
│ │ ├── ghost.py # Ghost class
│ │ └── pacman.py # PacMan class
│ ├── ai/
│ │ ├── init.py
│ │ └── pathfinding.py # A* implementation
│ └── ui/
│ ├── init.py
│ ├── menu.py # Menu screens
│ └── hud.py # In-game UI
├── assets/
│ ├── images/
│ │ ├── ghost.svg
│ │ ├── ghost-colors.svg
│ │ ├── pacman.svg
│ │ └── death-effect.svg
│ └── sounds/
│ ├── pickup.wav
│ └── elimination.wav
└── utils/
├── init.py
└── helpers.py # Utility functions

5. Implementation Details

Let's start by creating the core files for our game. I'll begin with the main entry point and the basic game structure.

After some time waiting Amazon Q developing the game, I got the first working version of the game, with some issues that I ask it to solve, so iterate with my second prompt.

2nd PROMPT

OK, I guess we are almost there, but we need to fix some things.

The level is not visible, although I can see it, is kind inside the ghost image and the lvl is not easy to read.

The IA ghosts are cheating, they kill me passing through the walls without respecting the maze walls.

I was able to kill another ghost in the same level as me, If the ghosts are in the same level, both got killed.

I would like the game looking and feel like the original classic PacMan with black background and blue walls like 1980 game.

After the second iteration, the ghosts are still cheating, but the speed was better.

3rd PROMPT

ok, for some reason the ghosts are still cheating. I saw them ignoring the maze walls. Besides that, when they are 'cheating' the also increase their own speed at insane speed!
The speed should be equal at start, and only when a ghost level up it gots a little bit more speed, not much.
Also, I got the below error in the console(although the game is working)
:488: RuntimeWarning: Your system is avx2 capable but pygame was not built with support for it. The performance of some of your blits could be adversely affected. Consider enabling compile time detection with environment variables like PYGAME_DETECT_AVX2=1 if you are compiling without cross compilation.
pygame 2.5.2 (SDL 2.30.0, Python 3.12.3)
Hello from the pygame community. https://www.pygame.org/contribute.html
Could not load sound file: pickup.wav, error: RIFF form type is not WAVE (not a Waveform file)
Could not load sound file: elimination.wav, error: RIFF form type is not WAVE (not a Waveform file)

Now the ghost are better, but still cheating for some reason. I guess the machines find out its way to break the rules too. :D

But I'm satisfied with the current version of the game and perhaps I'll iterate more on the future and add some features.

That's all! Thank you!