管理aws参数存储
aws-stash的Python项目详细描述
AWS存储
试图使awssm参数存储交互更容易并充分发挥其潜力。
<^ >一些工具,如chamber已经可用,提供了存储在AWS SSM参数存储中的秘密和其他配置值作为环境变量,但它们缺少一些方便的特性和灵活的输出格式,而我正在努力寻找能够设置它们的任何工具。用法
$ aws-stash --help
usage: aws-stash [-h] [-p PARAMS [PARAMS ...]] [-w [WRITE]] [-m] [-f]
[-d DESCRIPTION] [-k KMS] [-c] [-o {text,json,export}] [-l]
[-r] [--delete] [-q] [--full] [-v]
path
positional arguments:
path Path to the parameter key or folder containing
parameter keys
optional arguments:
-h, --help show this help message and exit
-p PARAMS [PARAMS ...], --params PARAMS [PARAMS ...]
Parameter keys
-w [WRITE], --write [WRITE]
Write parameter value, leave it empty to input it from
STDIN
-m, --multi-line Accept multi-line value from STDIN, end input with
CTRL+D
-f, --force Force overwrite existing value
-d DESCRIPTION, --description DESCRIPTION
Add a description to the parameter
-k KMS, --kms KMS KMS key alias to encrypt the value
-c, --copy Copy value to the clipboard instead of showing it
-o {text,json,export}, --output {text,json,export}
Output format
-l, --list List all paramaters under same level path
-r, --recursive Process all paramaters recursively starting from path
--delete Delete a single parameter or all parameters
recursively starting from path if using --recurise
-q, --quiet Output only the values of the parameters
--full Output fully qualified parameter path
-v, --verbose Output parameters details
AWS认证
这个工具与aws-vault很好地结合在一起,以一种比将aws凭证存储在~/.aws/credentials
文件中更安全和方便的方式提供aws凭证。
递归列出键
$ aws-vault exec my-aws-profile -- aws-stash -r -l /
/dev/
/dev/application-bar/
/dev/application-bar/ENV_VAR_XXX
/dev/application-bar/SECRET_YYY
/dev/application-foo/
/dev/application-foo/ENV_VAR_XXX
/staging/
/staging/application-bar/
/staging/application-bar/ENV_VAR_XXX
/staging/application-bar/SECRET_YYY
/staging/application-foo/
/staging/application-foo/ENV_VAR_ZZZ
从源安装
git clone https://github.com/askainet/aws-stash
pip install aws-stash/