aws-secrets.sh
#!/bin/bash
# Assumes you have set your AWS_PROFILE or credentials - including the region
# ./aws-secrets.sh list
# ./aws-secrets.sh list dev-xyz-
#
# ./aws-secrets.sh values
# ./aws-secrets.sh values dev-xyz-
#
# ./aws-secrets.sh create dev-xyz-device-check 'SOME-VALUE'
# ./aws-secrets.sh create dev-xyz-jwt "{\"key\": \"ABC{'&m\`<N\`\"}" # Illustrates where we have to escape the ` char
#
# Strict mode: abort on unhandled errors (-e), on use of unset variables (-u),
# and when any stage of a pipeline fails (-o pipefail).
set -euo pipefail

# ANSI colour escapes, still in backslash form; they only become real escape
# bytes when printed through something that interprets them (echo -e, printf %b).
reset_text='\e[0m'
green_text='\e[32m'
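create() {
  # Create a Secrets Manager secret that holds a plain string value.
  # Arguments:
  #   $1 - secret name (required, non-empty)
  #   $2 - secret value (required, non-empty)
  # NOTE: Not catering for KMS, description, tags etc. here - KISS
  #
  # NOTE(security): the value arrives as a command-line argument and is passed
  # on to aws the same way, so it ends up in shell history and is readable in
  # the process list while the command runs. The AWS CLI also treats a
  # parameter value that starts with file:// as a path to load rather than as
  # literal text, so such a value will not be stored as typed.
  : "${1:?Secret name is required}"
  : "${2:?Secret value is required}"
  local name=${1}
  local value=${2}
  # Both expansions are quoted so the name and value each reach aws as exactly
  # one argument, whatever characters they contain.
  aws secretsmanager create-secret --name "${name}" --secret-string "${value}"
}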
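list() {
  # Print, one per line and sorted, the names of the secrets whose name starts
  # with the given prefix.
  # Arguments:
  #   $1 - optional name prefix; omitted or empty matches every secret
  # NOTE: Ignoring paging here, assumes we do not have a large number of secrets in our case - KISS
  local prefix=${1:-}
  # The prefix is handed to jq as data through --arg instead of being spliced
  # into the filter text, so quotes, spaces or jq syntax in the prefix cannot
  # change the program jq runs.
  aws secretsmanager list-secrets --output json \
    | jq -r --arg prefix "${prefix}" '.SecretList[] | select(.Name | startswith($prefix)) | .Name' \
    | sort
}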
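values() {
  # Print every secret whose name starts with the given prefix: the name in
  # green, then the secret string, then a blank line.
  # Arguments:
  #   $1 - optional name prefix; omitted or empty matches every secret
  # Globals: green_text, reset_text (read)
  #
  # NOTE(security): this writes secret values in plaintext to stdout. Keep the
  # output out of CI logs, shared terminals and files you do not control.
  # A secret stored as binary has no SecretString, so jq prints "null" for it.
  local prefix=${1:-}
  local names name value
  # Capture the listing first so a failing list aborts here instead of being
  # hidden inside a for-loop word list.
  names=$(list "${prefix}") || return
  # The names are fed on fd 3 so commands in the loop body keep their stdin.
  while IFS= read -r name <&3; do
    [[ -n "${name}" ]] || continue
    value=$(aws secretsmanager get-secret-value --secret-id "${name}" --output json \
      | jq -r '.SecretString') || return
    # Only the colour codes go through %b; the name and value are printed with
    # %s so backslash sequences inside a secret (for example "\n" in a JSON
    # string) are shown exactly as stored.
    printf '%b%s%b\n%s\n\n' "${green_text}" "${name}" "${reset_text}" "${value}"
  done 3<<<"${names}"
}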
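# Main
# Dispatch the first argument to the matching function and pass the remaining
# arguments through. Only the three documented subcommands are accepted, so a
# typo or a missing subcommand produces a usage message instead of running an
# arbitrary command name or silently doing nothing.
case "${1:-}" in
  create | list | values)
    "$@"
    ;;
  *)
    printf 'Usage: %s {create NAME VALUE | list [PREFIX] | values [PREFIX]}\n' "${0##*/}" >&2
    exit 2
    ;;
esac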