Skip to content

ssmenv provides a way to replace environment variables with AWS Systems Manager Parameter Store values.

License

Notifications You must be signed in to change notification settings

Finatext/ssmenv-go

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ssmenv-go

Go Reference

ssmenv-go provides a way to replace environment variables with AWS Systems Manager Parameter Store values.

If the value of an environment variable begins with ssm://, it will be replaced by the corresponding SSM parameter value. If no environment variable starts with ssm://, no API calls are made, and the original environment variables are returned unchanged.

In the following example, ssmenv-go fetches the value stored under the /some_parameter/path key, and the returned map will contain the fetched value instead of the original key.

os.Setenv("SOME_ENV", "ssm:///some_parameter/path")

awsConfig, err := awsconfig.LoadDefaultConfig(ctx)
if err != nil {
  return errors.Wrap(err, "failed to load AWS config")
}
ssmClient := ssm.NewFromConfig(awsConfig)
replacedEnv, err := ssmenv.ReplacedEnv(ctx, ssmClient, os.Environ())

The complete code is available at https://github.com/Finatext/belldog/blob/main/cmd/lambda/lambda.go

Use the returned os.Environ() compatible slice with tools like envconfig. An example with env package:

replacedEnv, err := ssmenv.ReplacedEnv(ctx, ssmClient, os.Environ())
if err != nil {
  return errors.Wrap(err, "failed to fetch replaced env")
}
config, err := env.ParseAsWithOptions[appconfig.Config](env.Options{
  Environment: replacedEnv,
})
if err != nil {
  return errors.Wrap(err, "failed to process config from env")
}

IAM permissions

ssmenv-go uses ssm:GetParameters operation.

Acknowledgements

The approach of replacing environment variable values that start with the ssm:// format was inspired by remind101/ssm-env.

The approach used by ssmenv-go (this library) differs from ssm-env in that it avoids passing secrets through environment variables, as this is generally not considered a best practice for security. Environment variables can sometimes be exposed in logs, error messages, or system dumps, so it's safer to handle sensitive data directly within the application.

About

ssmenv provides a way to replace environment variables with AWS Systems Manager Parameter Store values.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages