parameterstore_databag_wrapper

Usage

Provides wrapper for Chef's EncryptedDataBagItem that adds support for reading secrets from ParameterStore and simplifies the obtainment of database secrets. This would be used with Chef Cookbooks to provide sensitive credentials and data to deployed nodes using ParameterStore as the source for the secrets.

Libraries

Amplify::EncryptedDataBagItem

Read from Databags from either Chef or ParameterStore using the Amplify::EncryptedDataBagItem class. During local testing these values will be stored in an encrypted chef databag under test/chef/data_bags/<data_bag_name>/local.json. During deployment to a real environment, these values are stored in ParameterStore.

data_bag = Amplify::EncryptedDataBagItem.load('data_bag_name', 'environment_name')
some_value = data_bag[:some_value]
some_other_value = data_bag[:some_other_value]

Amplify::EncryptedDatabaseInfo

Read database credentials and hostname information using the Amplify::EncryptedDatabaseInfo class. During local testing these values will be stored in an encrypted chef databag under test/chef/data_bags/<database_name>/local.json. During deployment these values are stored in ParameterStore.

dbinfo = Amplify::EncryptedDatabaseInfo.load('some_db_name', 'environment_name')
host = dbinfo[:host]
user = dbinfo[:user]
password = dbinfo[:password]

parameterstore_databag_wrapper

Provides wrapper for EncryptedDataBagItem which adds support for reading secrets from ParameterStore and simplifies the obtainment of database secrets.

About Amplify

Amplify builds innovative and compelling digital educational products that empower teachers and students across the country. We have a long history as the leading innovator in K-12 education - and have been described as the best tech company in education and the best education company in tech. While others try to shrink the learning experience into the technology, we use technology to expand what is possible in real classrooms with real students and teachers.

Learn more at https://www.amplify.com

Getting Started

Prerequisites

  • Ruby >= 2.2.3
  • gems
    • Runtime
      • aws-sdk ~> 3.0
      • chef ~> 12.0
      • chef-zero ~> 5.3
      • hashie ~> 3.5
    • Testing
      • aws-sdk ~> 3.0
      • chef ~> 12.0
      • chefspec ~> 7.1
      • chef-zero ~> 5.3
      • hashie ~> 3.5
      • rake ~> 12.3
      • rubocop ~> 0.54
      • rspec ~> 3.7
      • webmock ~> 3.3
      • bundler

Installing/Building

Install all dependencies using bundle install.

An installable packaged gem can be created if the following command is ran inside the repo's directory: gem build parameterstore_databag_wrapper.gemspec

Running Tests

Using bundler, run bundle exec rake test to start all test suites.

Responsible Disclosure

If you have any security issue to report, contact project maintainers privately. You can reach us at [email protected]

Contributing

We welcome pull requests! For your pull request to be accepted smoothly, we suggest that you:

  1. For any sizable change, first open a GitHub issue to discuss your idea.
  2. Create a pull request. Explain why you want to make the change and what it’s for. We’ll try to answer any PR’s promptly.