Class: SecretConfig::Providers::Ssm

Inherits:

Provider

• Object
• Provider
• SecretConfig::Providers::Ssm

Defined in:

lib/secret_config/providers/ssm.rb

Overview

Use the AWS System Manager Parameter Store for Centralized Configuration / Secrets Management

Instance Attribute Summary

• #client ⇒ Object readonly

  Returns the value of attribute client.

• #key_id ⇒ Object readonly

  Returns the value of attribute key_id.

• #logger ⇒ Object readonly

  Returns the value of attribute logger.

• #retry_count ⇒ Object readonly

  Returns the value of attribute retry_count.

• #retry_max_ms ⇒ Object readonly

  Returns the value of attribute retry_max_ms.

Instance Method Summary

• #delete(key) ⇒ Object

  Deletes the key.

• #each(path) ⇒ Object
• #fetch(key) ⇒ Object

  Returns the value or ‘nil` if not found.

• #initialize(key_id: ENV["AWS_ACCESS_KEY_ID"], key_alias: ENV["AWS_ACCESS_KEY_ALIAS"], retry_count: 10, retry_max_ms: 3_000) ⇒ Ssm constructor

  A new instance of Ssm.

• #set(key, value, encrypt: true) ⇒ Object

Methods inherited from Provider

#to_h

Constructor Details

#initialize(key_id: ENV["AWS_ACCESS_KEY_ID"], key_alias: ENV["AWS_ACCESS_KEY_ALIAS"], retry_count: 10, retry_max_ms: 3_000) ⇒ Ssm

Returns a new instance of Ssm.

# File 'lib/secret_config/providers/ssm.rb', line 13

def initialize(key_id: ENV["AWS_ACCESS_KEY_ID"], key_alias: ENV["AWS_ACCESS_KEY_ALIAS"], retry_count: 10, retry_max_ms: 3_000)
  @key_id       =
    if key_alias
      key_alias =~ %r{^alias/} ? key_alias : "alias/#{key_alias}"
    else
      key_id
    end
  @retry_count  = retry_count
  @retry_max_ms = retry_max_ms
  @logger       = SemanticLogger["Aws::SSM"] if defined?(SemanticLogger)
  @client       = Aws::SSM::Client.new(logger: logger)
end

Instance Attribute Details

#client ⇒ Object (readonly)

Returns the value of attribute client.

# File 'lib/secret_config/providers/ssm.rb', line 11

def client
  @client
end

#key_id ⇒ Object (readonly)

Returns the value of attribute key_id.

# File 'lib/secret_config/providers/ssm.rb', line 11

def key_id
  @key_id
end

#logger ⇒ Object (readonly)

Returns the value of attribute logger.

# File 'lib/secret_config/providers/ssm.rb', line 11

def logger
  @logger
end

#retry_count ⇒ Object (readonly)

Returns the value of attribute retry_count.

# File 'lib/secret_config/providers/ssm.rb', line 11

def retry_count
  @retry_count
end

#retry_max_ms ⇒ Object (readonly)

Returns the value of attribute retry_max_ms.

# File 'lib/secret_config/providers/ssm.rb', line 11

def retry_max_ms
  @retry_max_ms
end

Instance Method Details

#delete(key) ⇒ Object

Deletes the key. Nothing is done if the key was not found.

# File 'lib/secret_config/providers/ssm.rb', line 71

def delete(key)
  client.delete_parameter(name: key)
rescue Aws::SSM::Errors::ParameterNotFound
end

#each(path) ⇒ Object

# File 'lib/secret_config/providers/ssm.rb', line 26

def each(path)
  retries = 0
  token   = nil
  loop do
    begin
      resp = client.get_parameters_by_path(
        path:            path,
        recursive:       true,
        with_decryption: true,
        next_token:      token
      )
    rescue Aws::SSM::Errors::ThrottlingException => e
      # The free tier allows 40 calls per second.
      # The Higher Throughput tier for additional cost is still limited to 100 calls per second.
      # Using a random formula since this limit is normally only exceeded during a high volume restart period
      # so we want to spread out the retries of the multiple servers.
      retries += 1
      if retry_limit > retries
        sleep_seconds = rand(retry_max_ms) / 1000.0
        logger&.info("SSM Parameter Store GetParametersByPath API Requests throttle exceeded, retry: #{retries}, sleeping #{sleep_seconds} seconds.")
        sleep(sleep_interval)
        retry
      end
      logger&.info("SSM Parameter Store GetParametersByPath API Requests throttle exceeded, retries exhausted.")
      raise(e)
    end

    resp.parameters.each { |param| yield(param.name, param.value) }
    token = resp.next_token
    break if token.nil?
  end
end

#fetch(key) ⇒ Object

Returns the value or ‘nil` if not found

# File 'lib/secret_config/providers/ssm.rb', line 77

def fetch(key)
  client.get_parameter(name: key, with_decryption: true).parameter.value
rescue Aws::SSM::Errors::ParameterNotFound
end

#set(key, value, encrypt: true) ⇒ Object

# File 'lib/secret_config/providers/ssm.rb', line 59

def set(key, value, encrypt: true)
  client.put_parameter(
    name:      key,
    value:     value.to_s,
    type:      encrypt ? "SecureString" : "String",
    key_id:    key_id,
    overwrite: true
  )
end