A simple system for managing secrets using AWS S3 and KMS.
npm install -g setec
echo '{
"s3-bucket": "my-bucket",
"s3-prefix": "my-prefix"
}' > ~/.setec
npm install setec
setec list
If the secret already exists, the value will simply be updated. If the secret doesn't exist, than a new object for the secret will be created in S3, a new key will be created to encrypt the plaintext, and a new AWS policy will be created to allow you to grant access to the secret.
setec set <key> <value>
Will throw an error if the secret does not exist.
setec get <key>
I reccomend only setting secrets from the command line, and using the javascript client specifically to retrieve them at runtime.
const Setec = require('setec');
const secrets = new Setec({
"s3-bucket": "my-bucket",
"s3-prefix": "my-prefix"
});
secrets.get('database-password').then(dbPassword => {
const db = new Database("user-not-a-secret", dbPassword);
});Copyright 2016 Datanalytics, Inc. d/b/a Juristat.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this library except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.