
mrcrypt - A command-line tool that uses AWS KMS to encrypt secrets once, and decrypt them in multiple AWS regions

  •    Python

mrcrypt is a command-line tool that allows you to encrypt secrets in multiple AWS regions with KMS keys, using a technique called Envelope Encryption. It is intended to be used with the AWS Encryption SDK for Java, but could be used on its own. Both the encrypt and decrypt commands can process files in directories recursively.

kubesec - Secure Secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends)

  •    Go

Secure secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends). The nice thing about this approach (compared to complete file encryption) is that git diff and git merge become so much more user-friendly (and you can ascertain that a specific entry is present even if you don't have the key to decrypt the secret).

serverless-env-generator - A Serverless 1

  •    JavaScript

This plugin automatically creates a .env file during deployment by merging environment variables from one or more YAML files. At runtime these variables can then be loaded into process.env using dotenv. For a brief introduction, read our blog post introducing serverless-env-generator.

envsec - Encrypted environment variables via AWS KMS

  •    Go

Envsec (es) encrypts and decrypts environment variables using AWS KMS. When encrypting, it passes the variable values to KMS, lets the service encrypt them, and prefixes the variables with a configurable prefix (default: ENVSEC_). When decrypting, it executes a given process and passes the decrypted environment variables (without the prefix) to the new process. The use of KMS allows authorized operators to encrypt configuration secrets and submit them to version control, ECS task definitions and other sources of configuration truth, while the decryption operation can be bound to different principals, e.g. the role of an EC2 instance's instance profile.




secure-exec - Populate secrets from AWS KMS, SSM or Secrets Manager into your app environment

  •    Go

secure-exec populates secrets from AWS KMS, SSM, or Secrets Manager into your app environment. It then runs the exec system call and replaces itself with your app. The secrets are only available to your application and are not accessible with docker inspect.

elastic-ci-stack-s3-secrets-hooks - 🕵️‍♀️ Expose secrets to your buildkite build steps via Amazon S3

  •    Shell

A set of agent hooks that expose secrets to build steps via Amazon S3 (encrypted-at-rest). Used in the Elastic CI Stack for AWS. The hooks need to be installed directly in the agent so that secrets can be downloaded before jobs attempt to check out your repository. We are going to assume that buildkite has been installed at /buildkite, but this will vary depending on your operating system. Change the instructions accordingly.

aws-env - Securely populate environment variables using KMS/SSM/Secrets Manager on AWS.

  •    Go

A small library and binary for securely handling secrets in environment variables on AWS. Supports KMS, SSM Parameter Store and Secrets Manager. Inspired by ssm-env. Both the library and binary versions of aws-env will loop through the environment and exchange any variables prefixed with sm://, ssm:// and kms:// with their secret value from Secrets Manager, SSM Parameter Store or KMS respectively. For this to work, the instance profile (EC2), task role (ECS), or execution role (Lambda) must have the correct privileges to retrieve the secret values and/or decrypt the secret using KMS.

aws-kms-thingy - 🔐 Convenience wrapper & CLI around the AWS Node

  •    TypeScript

Convenience wrapper around the AWS Node.js SDK to simplify encrypting/decrypting secrets with the AWS KMS service. Suitable for use with AWS Lambda. The module assumes that the Amazon SDK has access to AWS credentials that are able to access the KMS key used for encryption and decryption.


exec-with-secrets - Handle secrets in Docker using AWS KMS, SSM parameter store, Secrets Manager, or Azure Key Vault

  •    Go

After decrypting secrets it runs the [exec](https://en.wikipedia.org/wiki/Exec_(system_call)) system call, replacing itself with your app. The app can simply access decrypted secrets in the environment. You need to put a real KMS-encrypted value and pass AWS credentials to the container.