DEV Community

Alexander Kharkevich for AWS Community Builders

Originally published at kharkevich.org

AWS Secret to File Command Line Utility

Sometimes you need to retrieve data from AWS Secrets Manager, but extending your application to support it or installing the AWS CLI can be redundant or overly complicated. For these cases, I created a simple binary CLI tool.

Background

AWS Secrets Manager is a powerful service for handling sensitive objects. In this service, you can store not only database credentials but also key-value pairs, plaintext, and binary secrets. It is often very useful to manage sensitive data (such as JKS, TLS certificates and keys, or SSH keys) in Secrets Manager and deliver it to your workload on demand.

I love this use case, and to simplify and speed up the process, I created a very simple tool to retrieve plaintext or binary secrets and save them to a local file. I mostly use it in sidecars or init containers to bring required data to my workload.

How to Use It

To download a binary secret, simply run:

/bin/aws-secret-to-file --secret=/secret/name/here --output=./location/for/the/file --binary


The same approach works for plaintext secrets. You can retrieve a single secret:

/bin/aws-secret-to-file --secret=/secret/name/here --output=./location/for/the/file


Or retrieve multiple secrets:

/bin/aws-secret-to-file \
 --secret=/secret/name/here1 --output=./location/for/the/file1 \
 --secret=/secret/name/here2 --output=./location/for/the/file2
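
A hardened way to call the tool from an init container entrypoint, as an added example that is not part of the original post or the tool's own code. The `fetch_secret` helper and the `FETCH_BIN` variable are hypothetical names; the sketch assumes the tool exits non-zero on failure and writes to the path given in `--output`.

```shell
#!/bin/sh
# Added example: fetch one secret and leave it on disk readable by the owner only.
# FETCH_BIN defaults to the path used on this page; override it to test with a stub.
FETCH_BIN="${FETCH_BIN:-/bin/aws-secret-to-file}"

# fetch_secret NAME OUTPUT [--binary]
# Returns 0 only if OUTPUT was written, is non-empty and has been set to mode 600.
fetch_secret() {
    name="$1"; out="$2"; mode_flag="${3:-}"
    dir=$(dirname -- "$out")

    # Refuse to write through a symlink already present at the destination.
    if [ -L "$out" ]; then
        echo "refusing: $out is a symlink" >&2
        return 1
    fi

    # The subshell keeps the tightened umask from leaking into the caller.
    (
        umask 077
        mkdir -p -- "$dir" || exit 1
        if [ -n "$mode_flag" ]; then
            "$FETCH_BIN" --secret="$name" --output="$out" "$mode_flag"
        else
            "$FETCH_BIN" --secret="$name" --output="$out"
        fi
    ) || { echo "fetch failed for $name" >&2; rm -f -- "$out"; return 1; }

    # An empty file would let the workload start with a blank key or certificate.
    if [ ! -s "$out" ]; then
        echo "empty output for $name" >&2
        rm -f -- "$out"
        return 1
    fi

    # Do not rely on the mode the tool chose; set it explicitly.
    chmod 600 -- "$out" || return 1
}
```

Call it once per secret, for example `fetch_secret /secret/name/here ./location/for/the/file --binary`, and let the init container exit non-zero if any call fails so the workload never starts with a missing secret.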


How to Get It

Pull the Docker image from GitHub.
