Skip to content

Commit

Permalink
Change Secrets Manager syntax (#19)
Browse files Browse the repository at this point in the history
  • Loading branch information
s12v authored Mar 7, 2021
1 parent e68e666 commit 1c0f268
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ This utility looks for prefixed variables in environment and replaces them with
- `{aws-kms}AQICAHjA3mwbmf...` - decrypts the value using AWS KMS
- `{aws-ssm}/app/param` - loads parameter `/app/param` from AWS Systems Manager Parameter Store
- `{aws-sm}/app/param` - loads secret `/app/param` from AWS Secrets Manager
- `{aws-sm}/app/param{prop1}` - loads secret `/app/param` from AWS Secrets Manager and takes `prop1` property
- `{aws-sm}/app/param[prop1]` - loads secret `/app/param` from AWS Secrets Manager and takes `prop1` property
- `{az-kv}vault/name` - loads secret `name` from Azure Key Vault `vault`

After decrypting secrets it runs [`exec`](https://en.wikipedia.org/wiki/Exec_(system_call)) system call, replacing itself with your app.
Expand Down
4 changes: 2 additions & 2 deletions provider/awssecretsmanager/awsecretsmanager.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ type SecretsManagerProvider struct {

const prefix = "{aws-sm}"

var postfix = regexp.MustCompile("{[^{^}]+}$")
var postfix = regexp.MustCompile(`\[[^]]+\]$`)

var fetch func(
awsClient *secretsmanager.Client,
Expand Down Expand Up @@ -56,7 +56,7 @@ func (p *SecretsManagerProvider) Decode(val string) (string, error) {
name := val[len(prefix):]
property := postfix.FindString(name)
if property != "" {
return p.decodeJson(name, strings.Trim(property, "{}"))
return p.decodeJson(name, strings.Trim(property, "[]"))
}
return p.fetchString(name)
}
Expand Down
6 changes: 3 additions & 3 deletions provider/awssecretsmanager/awsecretsmanager_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ func TestSecretsManagerProvider_DecodeJson(t *testing.T) {
return &secretsmanager.GetSecretValueOutput{SecretString: &value}, nil
}

if r, _ := provider.Decode("{aws-sm}/foo/bar{prop2}"); r != "bbb" {
if r, _ := provider.Decode("{aws-sm}/foo/bar[prop2]"); r != "bbb" {
t.Fatalf("unexpected value %v", r)
}
}
Expand All @@ -72,7 +72,7 @@ func TestSecretsManagerProvider_DecodeJson_MissingProperty(t *testing.T) {
return &secretsmanager.GetSecretValueOutput{SecretString: &value}, nil
}

if _, err := provider.Decode("{aws-sm}/foo/bar{prop3}"); err == nil {
if _, err := provider.Decode("{aws-sm}/foo/bar[prop3]"); err == nil {
t.Fatal("expected an error")
}
}
Expand Down Expand Up @@ -102,7 +102,7 @@ func TestSecretsManagerProvider_DecodeJson_FetchError(t *testing.T) {
return nil, errors.New("test error")
}

if _, err := provider.Decode("{aws-sm}/foo/bar{prop1}"); err == nil {
if _, err := provider.Decode("{aws-sm}/foo/bar[prop1]"); err == nil {
t.Fatal("expected an error")
}
}
Expand Down

0 comments on commit 1c0f268

Please sign in to comment.