Skip to content

k1LoW/awsecrets

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

121 Commits
bin
bin
 
 
lib
lib
 
 
spec
spec
 
 
.gitignore
.gitignore
 
 
.rspec
.rspec
 
 
.rubocop.yml
.rubocop.yml
 
 
.travis.yml
.travis.yml
 
 
Gemfile
Gemfile
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 
awsecrets.gemspec
awsecrets.gemspec
 
 

Repository files navigation

awsecrets Gem Travis

AWS credentials loader

awsecrets config precedence

  1. Command Line Options (Awscreds#load method args OR self optparse)
  2. Environment Variables
  3. YAML file (secrets.yml)
  4. The AWS credentials file
  5. The CLI configuration file
  6. Instance profile credentials

(See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#config-settings-and-precedence)

Installation

Add this line to your application's Gemfile:

gem 'awsecrets'

And then execute:

$ bundle

Or install it yourself as:

$ gem install awsecrets

Usage example

Generate exception with wrong configuration

For some use cases, awsecrets might raise an exception if (even after all attempts to configure access to an AWS account) there is missing configuration parameters.

In other cases, this might not be desired.

To have control on that, you can use the environment variable DISABLE_AWS_CLIENT_CHECK: if you set it to the string 'true', it will not attempt to early create an Aws::EC2::Client instance with the found parameters.

By default, even if you don't set DISABLE_AWS_CLIENT_CHECK it will be treated like true.

To enable this early checking, you must setup DISABLE_AWS_CLIENT_CHECK with the string 'false'.

Basic example

Create a command line tool ec2sample like following code:

#!/usr/bin/env ruby
require 'awsecrets'
Awsecrets.load
ec2_client = Aws::EC2::Client.new
puts ec2_client.describe_instances({ instance_ids: [ARGV.first] }).reservations.first.instances.first

Then execute it with command line parameters:

$ ec2sample i-1aa1aaaa --profile mycreds --region ap-northeast-1

or with environment variables configuration:

$ AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXX AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX AWS_REGION=ap-northeast-1 ec2sample i-1aa1aaaa

or using an YAML file:

$ cat <<EOF > secrets.yml
region: ap-northeast-1
aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
EOF
$ ec2sample i-1aa1aaaa

Use AssumeRole

Support role_arn role_session_name source_profile external_id.

1. .aws/config and .aws/credentials

see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html

# .aws/config
[profile assumed]
role_arn = arn:aws:iam::123456780912:role/assumed-role
external_id = myfoo_id
source_profile = assume_test

# .aws/credentials
[assume_test]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

And execute

$ ec2sample i-1aa1aaaa --profile assumed --region ap-northeast-1

2. secrets.yml

$ cat <<EOF > secrets.yml
region: ap-northeast-1
aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
role_arn = arn:aws:iam::123456780912:role/assumed-role

And execute

$ ec2sample i-1aa1aaaa

Disable load YAML (secrets.yml)

Awsecrets.load(disable_load_secrets:true)

or

Awsecrets.load(secrets_path:false)

Contributing

  1. Fork it !
  2. Create your feature branch (git checkout -b my-new-feature).
  3. Commit your changes (git commit -am 'Add some feature').
  4. Push to the branch (git push origin my-new-feature).
  5. Create a new Pull Request.

About

AWS credentials loader

Topics

aws aws-credentials

Resources

Readme

License

MIT license
Activity

Stars

17 stars

Watchers

2 watching

Forks

9 forks
Report repository

Releases 20

v1.15.1 Latest
Nov 4, 2020
19 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 5

Languages