A (somewhat) opinionated but simple tool for fetching configuration and secrets and injecting them as environment variables. Supports managing secrets in AWS Secrets Manager and storing non-secret configuration in AWS S3.
Secrets should be stored in AWS Secrets Manager, with the following convention: `{service name}-{environment}`, for instance: `server-staging`.
Create an S3 bucket to store configuration files in. There should be one directory per service, containing one file per environment. For instance, we could have the following structure:
```
.
├── web-server
│   ├── staging.yml
│   └── production.yml
├── service-a
│   ├── staging.yml
│   └── production.yml
├── service-b
│   ├── staging.yml
│   └── production.yml
```
The files should be in YAML format, with all environment variables stored under the `environment` key. Example:

```yaml
environment:
  NODE_ENV: production
  TZ: UTC
```
- Make sure that you have Python installed
- Run `pip install pyyaml`
- Install bpkg if not already installed by running `curl -Lo- "https://raw.githubusercontent.com/bpkg/bpkg/master/setup.sh" | bash`
- Install aws-env: `sudo bpkg install meirshal/aws-env`

```
$ env $(aws-env -e <environment> -s <service name> -b <S3 base path> | xargs) your_process_here
```
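
Because the S3 files are meant for non-secret configuration and the values end up word-split by `env $(... | xargs)`, a pre-upload lint of each config file is useful. The following is an added example, not part of aws-env: the function names, the sample data and the secret-detection patterns are assumptions chosen for illustration.

```python
import re

# Constructed sample: what yaml.safe_load() would return for a hypothetical
# web-server/staging.yml that has several problems.
SAMPLE = {"environment": {
    "NODE_ENV": "staging",
    "TZ": "UTC",
    "DB_PASSWORD": "example-only",        # secret-looking name
    "UPLOAD_ID": "AKIAABCDEFGHIJKLMNOP",  # constructed, shaped like an access key ID
    "GREETING": "hello world",            # whitespace in value
    "2FA": "on",                          # not a valid variable name
    "LIMITS": {"cpu": 2},                 # nested, not a scalar
}}

NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
# Heuristics (assumptions): key names and value shapes that suggest a secret.
SECRET_NAME_RE = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
AWS_KEY_ID_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")

def lint_config(doc):
    """Return a list of (key, problem) findings for one parsed config file."""
    env = doc.get("environment") if isinstance(doc, dict) else None
    if not isinstance(env, dict):
        return [("environment", "missing top-level 'environment' mapping")]
    findings = []
    for key, value in env.items():
        key = str(key)
        if not NAME_RE.match(key):
            findings.append((key, "invalid variable name"))
        if isinstance(value, (dict, list)):
            findings.append((key, "value is not a scalar"))
            continue
        text = str(value)
        if SECRET_NAME_RE.search(key) or AWS_KEY_ID_RE.search(text):
            findings.append((key, "looks like a secret; move to Secrets Manager"))
        if re.search(r"\s", text):
            findings.append((key, "whitespace in value is word-split by the shell"))
    return findings

def lint_file(path):
    """Lint a YAML file on disk (needs pyyaml, listed in the install steps)."""
    import yaml
    with open(path) as fh:
        return lint_config(yaml.safe_load(fh))

if __name__ == "__main__":
    for key, problem in lint_config(SAMPLE):
        print(f"{key}: {problem}")
```

Running `lint_file` on every `<service>/<environment>.yml` before it is copied to the bucket catches credentials that belong in Secrets Manager and values that would not survive the unquoted `$(...)` expansion.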