Comments (5)
Up! I would love to map secrets to env vars instead of exposing them in settings.json
from zappa.
Once you have the ARN you can pull the secret pretty easily. Here is the code I use:
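```python
import json
import os

import boto3
from botocore.exceptions import ClientError

SECRETSMANAGER = 'secretsmanager'

# `section`, AWS_SECRET_NAME, AWS_REGION_NAME and SecretsManagerError
# are not shown in this snippet; they come from the surrounding code.
secret_name = os.path.expandvars(section[AWS_SECRET_NAME])
region_name = os.path.expandvars(section[AWS_REGION_NAME])
session = boto3.session.Session()
client = session.client(service_name=SECRETSMANAGER,
                        region_name=region_name)
try:
    get_secret_value_response = client.get_secret_value(SecretId=secret_name)
except ClientError as e:
    raise SecretsManagerError(e)
# The secret is stored as a JSON document in SecretString
secret = json.loads(get_secret_value_response['SecretString'])
```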
The ARN is your key to unlocking the secrets! But the role under which the Lambda is running needs access to either the specific ARN, or else all ARNs within the secrets manager. This is a pain to set up, and it changes frequently, so it would be nice for Zappa to automate the creation of the AWS authorizations. I was not suggesting that Zappa get the secret out of the Secrets Manager and put the secret into the environment.
from zappa.
Something like that would be great
```
{{resolve:secretsmanager:${secretName}:SecretString:password}}
```
from zappa.
Right now this is how I'm adding AWS secrets to my zappa_config.json file:
```json
"environment_variables": {
    "AWS": "YES",
    "DBREADER": "arn:aws:secretsmanager:us-east-1:376778041234:secret:dbreader_prod-734s",
    "DBWRITER": "arn:aws:secretsmanager:us-east-1:376778041234:secret:dbwriter_prod-akana"
}
```
I would like to see Zappa do something along these lines:
```json
"aws_secrets": [
    "arn:aws:secretsmanager:us-east-1:376778041234:secret:dbreader_prod-734s",
    "arn:aws:secretsmanager:us-east-1:376778041234:secret:dbwriter_prod-akana"
],
```
Zappa would then automatically make sure that the IAM Role that it creates has access to the two ARNs.
from zappa.
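The role-permission step requested in the comment above, as an added example that is not part of the thread or Zappa's own code: it turns the proposed `aws_secrets` list (a hypothetical key, not a current Zappa setting) into one IAM statement allowing `secretsmanager:GetSecretValue` on exactly those ARNs, rejecting wildcards, and appends it to the stage's `extra_permissions` list. The function names and the sample stage are assumptions; the ARNs are the ones quoted in the comment.

```python
import json
import re

# A specific Secrets Manager secret ARN: partition, region, 12-digit account, name.
# "*" is not in any character class, so wildcard resources are rejected.
SECRET_ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:[A-Za-z0-9/_+=.@-]+$"
)


def secrets_policy_statement(secret_arns):
    """Return one IAM Allow statement granting read access to exactly these secrets."""
    arns = sorted(set(secret_arns))
    if not arns:
        raise ValueError("no secret ARNs given")
    for arn in arns:
        if not SECRET_ARN_RE.match(arn):
            raise ValueError(f"not a specific Secrets Manager secret ARN: {arn!r}")
    return {
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue"],
        "Resource": arns,
    }


def expand_aws_secrets(stage_settings):
    """Return a copy of the stage settings with the hypothetical `aws_secrets`
    key replaced by an equivalent entry in `extra_permissions`."""
    out = dict(stage_settings)
    arns = out.pop("aws_secrets", [])
    if arns:
        existing = list(out.get("extra_permissions", []))
        out["extra_permissions"] = existing + [secrets_policy_statement(arns)]
    return out


# Constructed sample stage using the two ARNs quoted in the thread.
SAMPLE_STAGE = {
    "aws_region": "us-east-1",
    "aws_secrets": [
        "arn:aws:secretsmanager:us-east-1:376778041234:secret:dbwriter_prod-akana",
        "arn:aws:secretsmanager:us-east-1:376778041234:secret:dbreader_prod-734s",
    ],
}

if __name__ == "__main__":
    print(json.dumps(expand_aws_secrets(SAMPLE_STAGE), indent=4))
```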
@simsong but this way you are just passing the ARN to the env, these secrets aren't resolving to actual values?
I'm looking for the option to pull resolved secrets.
from zappa.