sops-secretsmanager-cdk-test

0.0.1 • Public • Published

sops-secretsmanager-cdk

Safely load secrets from sops into secretsmanager using the CDK

Usage

import { SopsSecretsManager } from 'sops-secretsmanager-cdk';
// ... inside a Stack or Construct, where `this` is the construct scope
new SopsSecretsManager(this, 'StoreSecrets', {
    path: './path/to/secretsfile.yaml',
    kmsKey: myKey,  // or use kms.Key.fromKeyArn
    secretName: 'TestSecret',  // or secret: mySecret
    mappings: {
        nameInSecretsManager: {
            path: ['path', 'to', 'value', 'in', 'secretsfile'],
            // optionally pass encoding: 'json' to pass a portion of the secrets file
        },
        anotherThingInSecretsManager: {
            path: ['other', 'path'],
        },
        // etc
    },
});

Implementation

Using the CDK's custom resource mini-framework, the sops secrets file is uploaded to S3 as an asset as is, still encrypted. The custom resource Lambda then decrypts the secrets (in memory, never on disk) and puts them into the SecretsManager secret.
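
The mapping step that follows decryption, sketched as an added example; it is not the package's own code. It assumes that a mapping without `encoding` stores a scalar as a string and that `encoding: 'json'` serialises the selected subtree; `resolvePath`, `buildSecretValues` and the sample data are hypothetical and constructed for illustration.

```typescript
// Added example: hypothetical helpers, not taken from sops-secretsmanager-cdk.
type Encoding = 'string' | 'json';
interface Mapping { path: string[]; encoding?: Encoding }
type Mappings = Record<string, Mapping>;

// Walk `path` through the decrypted document and fail closed on a missing key.
function resolvePath(doc: unknown, path: string[]): unknown {
    let node: unknown = doc;
    for (let i = 0; i < path.length; i++) {
        const isObject = typeof node === 'object' && node !== null;
        if (!isObject || !Object.prototype.hasOwnProperty.call(node, path[i])) {
            // Name the path only; never echo neighbouring secret values into logs.
            throw new Error(`missing key at ${path.slice(0, i + 1).join('.')}`);
        }
        node = (node as Record<string, unknown>)[path[i]];
    }
    return node;
}

// Build the key/value pairs that would become the SecretsManager secret.
function buildSecretValues(doc: unknown, mappings: Mappings): Record<string, string> {
    const out: Record<string, string> = {};
    for (const name of Object.keys(mappings)) {
        const { path, encoding = 'string' } = mappings[name];
        const value = resolvePath(doc, path);
        if (encoding === 'json') {
            out[name] = JSON.stringify(value);  // a portion of the secrets file
        } else if (['string', 'number', 'boolean'].indexOf(typeof value) !== -1) {
            out[name] = String(value);
        } else {
            // Refuse to store "[object Object]" in place of a secret.
            throw new Error(`${name}: ${path.join('.')} is not a scalar; use encoding: 'json'`);
        }
    }
    return out;
}

// Constructed sample standing in for a decrypted sops file (placeholder values).
const sampleDoc = {
    db: { user: 'app', password: 'example-password', port: 5432 },
    api: { keys: { primary: 'example-key', secondary: 'example-key-2' } },
};
const sampleMappings: Mappings = {
    dbPassword: { path: ['db', 'password'] },
    dbPort: { path: ['db', 'port'] },
    apiKeys: { path: ['api', 'keys'], encoding: 'json' },
};
const secretString = JSON.stringify(buildSecretValues(sampleDoc, sampleMappings));
```

Failing on a missing or non-scalar path keeps a typo in `mappings` from silently writing an empty or meaningless value into the secret.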

    Install

    npm i sops-secretsmanager-cdk-test

    License

    none

    Unpacked Size

    29.4 MB

    Total Files

    6

    Collaborators

    • plumdog