Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
dr-paramstore-config-mgmt-utils
Advanced tools
Readme
This librarycontains tools to fetch, update and delete parameters from the store.
This action allows you to retrieve an entire environment from the parameter store and outputs a JSON file with the contents.
npx @makemydeal/dr-paramstore-config-mgmt-utils fetch -e {env} -f {filespec}
Parameter | Switch | Required | Description |
---|---|---|---|
env | --env or -e | Yes | The environment to write to |
file | --file or -f | Yes | The JSON file to write to |
region | --region or -r | No | The region [us-east-1] |
seure | --secure or -s | No | Retrieve only the props that are secure, with a value of 'true' for each prop (create the config-secure.json file) |
This action allows you to write an entire environment to the Parameter Store. The recommended action is to use fetch
to get the environment, add your changes and then use update to upload the changes. The input file will be JSON which supports String
, StringArray
and SecureString
values
A secure string is encrypted in the AWS ParameterStore. This keeps sensitive values safe. We need to specify a secure file (see below) in order to mark which settings are secure strings.
The secure file will mimic the schema used by the parameter store to store the values. The only values that are needed are the values that are secure. As secure values are added to the schema, we should also update config-secure.json
to refect that. This will allow the command line to know which props to add as SecureString in AWS Parameter Store.
Sanple File:
{
"secure": true,
"testAttr: {
"testSetting": true
}
}
You can use the fetch
command to create a secure file with the -s
switch.
npx @makemydeal/dr-paramstore-config-mgmt-utils update -e {env} -f {filespec} -s {securefilespec}
Parameter | Switch | Required | Description |
---|---|---|---|
env | --env or -e | Yes | The environment to write to |
file | --file or -f | Yes | The JSON file that has the parameters to write |
secure | --secure or -s | No | If supplied, this object will mimic the structure of the --file parameter but only contain entries that should be marked as secure string. If the file is not provided, then any new props will be made as String type and not SecureString . |
region | --region or -r | No | The region [us-east-1] |
delete | --delete or -d | No | If this switch is provided: if values exist in the saved config but not in the new file, should they be deleted from the parameter store [false] |
This utility will delete a entire environment from the parameter store. Input is received via the command line. This is not reversable.
npx @makemydeal/dr-paramstore-config-mgmt-utils delete -e {env}
Parameter | Switch | Required | Description |
---|---|---|---|
env | --env or -e | Yes | The environment to delete |
region | --region or -r | No | The region [us-east-1] |
fetch
with the -s
switch to get the config-secure.json
file.fetch
to get the parameters to the environment. Save the file as config.{env}.json
config.{env}.json
SecureString
datatype, edit config-secure.json
to use the same schema for the props you want to be secure with 'true'
as their value.update
to save the values to the parameter store.FAQs
This librarycontains tools to fetch, update and delete parameters from the store.
The npm package dr-paramstore-config-mgmt-utils receives a total of 2 weekly downloads. As such, dr-paramstore-config-mgmt-utils popularity was classified as not popular.
We found that dr-paramstore-config-mgmt-utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.