CLI for managing cloud secrets for multiple environments

skabillium/eg2

Eg2 Cloud environment manager

Eg2 is a command-line interface tool to help with managing your application secrets using the cloud. Currently it only supports AWS SSM but more integrations are on the way. With Eg2 you can:

  • Create, read, update and delete secrets.
  • Load and export environments as .env files.
  • Run commands with an environment.

Eg2 supports multiple applications and stages, offering a centralized store for all your secrets.

Installation

You will need at least Node.js 18 and npm 7. Also make sure your AWS credentials are configured locally.

After that, you can install the CLI globally:

npm install -g eg2

Usage

Define a secret:

eg2 set REDIS_URL redis://localhost:6379 --service myapp --stage development

Load from .env file:

eg2 load .env --service myapp --stage development

Tip: You can run eg2 config to set up default values for the --service and --stage options. These values are saved locally in your project's root directory to avoid conflicts with other projects. After that, you can omit these options when using the CLI.

Run a command with a specified environment:

eg2 run --stage production node app.js

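You can use the --raw or -r option when listing the secrets for a stage to output them to stdout as an env file. The following command uses the Unix env command to run a script with that environment loaded. Because the command substitution is unquoted, the shell splits its output on whitespace, so values containing spaces are not passed through intact: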

env $(eg2 list --raw) node app.js

Run eg2 --help for a more detailed specification.

Type safety

If you want to include the secret types in your process.env, run eg2 types path/to/your/file.ts. This creates a file at the specified path with all the type declarations for your secrets.

export type ServiceSecrets = {
    BACKEND_URL: string;
    DB_URL: string;
    CACHE_URL: string;
};

declare global {
    namespace NodeJS {
        interface ProcessEnv extends ServiceSecrets {}
    }
}

If you don't want to attach the secrets' types to the process.env object, run the command with the --no-global option.

How it works

The CLI uses AWS SSM to store environment variables. Since SSM is a key-value store, each application's secrets have their own prefix. For the example application my-api, you can find all variables stored in the Systems Manager Dashboard under the prefix /eg2/my-api/{stage}/{secret}. So when you set a secret PASSWORD for the development stage, it will be saved as /eg2/my-api/development/PASSWORD.

IAM Credentials

The permissions needed for all the basic operations are the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameters",
                "ssm:GetParameter",
                "ssm:GetParametersByPath",
                "ssm:PutParameter",
                "ssm:DeleteParameter"
            ],
            "Resource": [
                "arn:aws:ssm:{REGION}:{ACCOUNT_ID}:parameter/{YOUR_PARAMETER_STORE_PATH}",
                "arn:aws:ssm:{REGION}:{ACCOUNT_ID}:parameter/{YOUR_PARAMETER_STORE_PATH}/*"
            ]
        }
    ]
}
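
The policy above can be narrowed to a single service and stage by using the /eg2/{service}/{stage} prefix described under How it works. The following is an added example, not part of eg2: the buildEg2Policy function, its name-validation rule, and the region and account values are assumptions made for illustration.

```javascript
// Added example (not eg2's own code): least-privilege IAM policies per
// service and stage, based on the /eg2/{service}/{stage}/{secret} layout.
const READ_ACTIONS = ["ssm:GetParameters", "ssm:GetParameter", "ssm:GetParametersByPath"];
const WRITE_ACTIONS = ["ssm:PutParameter", "ssm:DeleteParameter"];

// Assumption: names are limited to letters, digits, '.', '_' and '-'.
// Rejecting '/', '*' and '?' keeps a name from widening the ARN scope.
const SAFE_NAME = /^[A-Za-z0-9._-]+$/;

// Hypothetical helper: returns a policy document scoped to one service/stage.
function buildEg2Policy({ region, accountId, service, stage, access = "read" }) {
    if (!/^\d{12}$/.test(accountId)) throw new Error("accountId must be 12 digits");
    if (!/^[a-z0-9-]+$/.test(region)) throw new Error("invalid region");
    for (const [label, value] of Object.entries({ service, stage })) {
        if (typeof value !== "string" || !SAFE_NAME.test(value)) {
            throw new Error(`unsafe ${label} name: ${value}`);
        }
    }
    if (access !== "read" && access !== "read-write") {
        throw new Error("access must be 'read' or 'read-write'");
    }
    const base = `arn:aws:ssm:${region}:${accountId}:parameter/eg2/${service}/${stage}`;
    return {
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: access === "read-write"
                    ? [...READ_ACTIONS, ...WRITE_ACTIONS]
                    : [...READ_ACTIONS],
                // The path itself (for GetParametersByPath) and everything under it.
                Resource: [base, `${base}/*`],
            },
        ],
    };
}

// Constructed sample values: a runtime role that can only read production secrets.
const runtimePolicy = buildEg2Policy({
    region: "eu-west-1",
    accountId: "123456789012",
    service: "my-api",
    stage: "production",
});
console.log(JSON.stringify(runtimePolicy, null, 4));
```

A deployed application usually needs only the read variant for its own stage, while the read-write variant fits the developer or CI identity that runs eg2 set and eg2 load.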
