diff --git a/README.md b/README.md index e302a8d..198135a 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ This utility looks for prefixed variables in environment and replaces them with - `{aws-kms}AQICAHjA3mwbmf...` - decrypts the value using AWS KMS - `{aws-ssm}/app/param` - loads parameter `/app/param` from AWS Systems Manager Parameter Store - `{aws-sm}/app/param` - loads secret `/app/param` from AWS Secrets Manager - - `{aws-sm}/app/param{prop1}` - loads secret `/app/param` from AWS Secrets Manager and takes `prop1` property + - `{aws-sm}/app/param[prop1]` - loads secret `/app/param` from AWS Secrets Manager and takes `prop1` property - `{az-kv}vault/name` - loads secret `name` from Azure Key Vault `vault` After decrypting secrets it runs [`exec`](https://en.wikipedia.org/wiki/Exec_(system_call)) system call, replacing itself with your app. diff --git a/provider/awssecretsmanager/awsecretsmanager.go b/provider/awssecretsmanager/awsecretsmanager.go index d4bcf17..3c23781 100644 --- a/provider/awssecretsmanager/awsecretsmanager.go +++ b/provider/awssecretsmanager/awsecretsmanager.go @@ -21,7 +21,7 @@ type SecretsManagerProvider struct { const prefix = "{aws-sm}" -var postfix = regexp.MustCompile("{[^{^}]+}$") +var postfix = regexp.MustCompile(`\[[^]]+\]$`) var fetch func( awsClient *secretsmanager.Client, @@ -56,7 +56,7 @@ func (p *SecretsManagerProvider) Decode(val string) (string, error) { name := val[len(prefix):] property := postfix.FindString(name) if property != "" { - return p.decodeJson(name, strings.Trim(property, "{}")) + return p.decodeJson(name, strings.Trim(property, "[]")) } return p.fetchString(name) } diff --git a/provider/awssecretsmanager/awsecretsmanager_test.go b/provider/awssecretsmanager/awsecretsmanager_test.go index 4f1c130..533018f 100644 --- a/provider/awssecretsmanager/awsecretsmanager_test.go +++ b/provider/awssecretsmanager/awsecretsmanager_test.go @@ -53,7 +53,7 @@ func TestSecretsManagerProvider_DecodeJson(t *testing.T) { return &secretsmanager.GetSecretValueOutput{SecretString: &value}, nil } - if r, _ := provider.Decode("{aws-sm}/foo/bar{prop2}"); r != "bbb" { + if r, _ := provider.Decode("{aws-sm}/foo/bar[prop2]"); r != "bbb" { t.Fatalf("unexpected value %v", r) } } @@ -72,7 +72,7 @@ func TestSecretsManagerProvider_DecodeJson_MissingProperty(t *testing.T) { return &secretsmanager.GetSecretValueOutput{SecretString: &value}, nil } - if _, err := provider.Decode("{aws-sm}/foo/bar{prop3}"); err == nil { + if _, err := provider.Decode("{aws-sm}/foo/bar[prop3]"); err == nil { t.Fatal("expected an error") } } @@ -102,7 +102,7 @@ func TestSecretsManagerProvider_DecodeJson_FetchError(t *testing.T) { return nil, errors.New("test error") } - if _, err := provider.Decode("{aws-sm}/foo/bar{prop1}"); err == nil { + if _, err := provider.Decode("{aws-sm}/foo/bar[prop1]"); err == nil { t.Fatal("expected an error") } }