KMS Choice and Documentation #20
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…, and better encapsulate behaviors (among other things to simplify testing)
…lified/standardized the interface (i.e. `configure`, `merge`, `plan`, and `__init__`)
…nd line flags to ENV variables (fixes runtheops#15), (2) a way to generate YAML files for branches of the SSM tree (closes runtheops#11), (3) the ability to ignore SecureString keys if they are not necessary (closes runtheops#13), (4) support for the SSM StringList type and more timely type coercion so e.g. YAML integers and SSM strings match, and (5) the introduction of metadata in the YAML files to permit compatibility checking (more general fix for runtheops#15 with support for new features)
…` class to simplify inserts (both backwards-compatible to the `SecureTag`. For safer backups, an `AWS_NO_DECRYPT` (i.e. kwarg `no_decrypt`) was added. README was updated and the CLI commands were fully converted to `git` style names.
|
P.S. If you merge this PR, you'll get all of the improvements at once. I left them in separate and sequenced PRs so you'd have an easier time reviewing the change in the context of my PR comments. If anyone wants to use the improved code before it gets merged (and hopefully updated on |
|
Any update on this PR? |
|
Doesn't look like there's any action on this repo anymore. You can add my fork to your project directly... or we can work on getting it up onto pypi (under a new name obviously). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In this PR (built on #19 for simple merging):
SecretYAML tag class that supported custom KMS keys. I later added aSecureStringclass (and!SecureStringtag) as a more memorable syntax for adding secrets (all backwards compatible withSecureTag).gitequivalents. The only alias I left was forplanas I rarely use git in the CLI sostatusis not as obvious (to me) asclone,pull, andpush.SSM_NO_DECRYPToption.This will probably be my last PR for some time (unless I discover a bug or someone needs a behavior tweaked). I dove into this project so we could use it to migrate YAML configs to Parameter Store and continue to maintain those configs on parameter store. At this point, the project does enough of what we need to get back to the migration itself.