data:image/s3,"s3://crabby-images/9fef7/9fef7e77a4ff9a4c39b8a32ffd7ebda8c2145888" alt="Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy"
Research
Security News
Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy
Socket researchers uncovered a malicious PyPI package exploiting Deezer’s API to enable coordinated music piracy through API abuse and C2 server control.
Node module to push configuration and encrypted secrets to AWS.
```sh
# Via yarn
$ yarn add oprah
# Via npm
$ npm install oprah
```
oprah.yml

```yaml
service: oprah-service
provider: ssm
config:
  path: /${stage}/oprah/config
  defaults:
    DB_NAME: my-database
    DB_HOST: 3200
  required:
    DB_TABLE: "some database table name for ${stage}"
secret:
  path: /${stage}/oprah/secret
  required:
    DB_PASSWORD: "secret database password"
```
oprah

CLI tool to push your keys to AWS parameter store.

```sh
$ oprah run --stage <stage> --interactive
```
Following is the configuration file with all possible options:

```yaml
service: oprah-service
provider: ssm # Only supports ssm for now.
stacks: # Outputs from CloudFormation stacks that need to be interpolated.
  - some-cloudformation-stack
config:
  path: /${stage}/oprah/config # Base path for params to be added to
  defaults: # Default parameters. Can be overwritten in different environments.
    DB_NAME: my-database
    DB_HOST: 3200
  production: # If keys are deployed to the production stage, their values will be overwritten by the following
    DB_NAME: my-production-database
  required: # Keys mentioned below will be prompted for.
    DB_TABLE: "some database table name for ${stage}"
secret:
  keyId: some-arn-of-kms-key-to-use # If not specified, the default key will be used to encrypt variables.
  path: /${stage}/oprah/secret # Base path for params to be added to
  required:
    DB_PASSWORD: "secret database password" # Parameter to encrypt and add. Will be encrypted using KMS.
    # Above key will be added to /${stage}/oprah/secret/DB_PASSWORD
    # Value in quotes will be displayed as explanation in the prompt during an interactive run.
```
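An added example, not oprah's own code, showing how a config like the one above resolves into SSM parameter names, values and types for a given stage (defaults, stage override, prompted `required` keys, and the `secret` section as SecureString). It assumes the YAML has already been parsed into an object (the constructed `sampleConfig` mirrors the file above) and that each parameter is named `<path>/<KEY>`, as the comment on DB_PASSWORD indicates; `resolveParameters` and `interpolate` are hypothetical names.

```javascript
// Constructed config mirroring the README's oprah.yml (parsed form, no YAML loader used).
const sampleConfig = {
  service: "oprah-service",
  provider: "ssm",
  config: {
    path: "/${stage}/oprah/config",
    defaults: { DB_NAME: "my-database", DB_HOST: 3200 },
    production: { DB_NAME: "my-production-database" },
    required: { DB_TABLE: "some database table name for ${stage}" },
  },
  secret: {
    path: "/${stage}/oprah/secret",
    required: { DB_PASSWORD: "secret database password" },
  },
};

// Replace ${name} placeholders (e.g. ${stage}) from the supplied variables;
// unknown placeholders are left untouched so they are visible in the output.
function interpolate(str, vars) {
  return String(str).replace(/\$\{(\w+)\}/g, (match, name) =>
    name in vars ? String(vars[name]) : match);
}

// Resolve the parameter set for a stage. `answers` supplies values for the
// `required` keys (what the interactive prompt would collect); any required
// key without an answer is reported in `missing` instead of being written.
function resolveParameters(cfg, stage, answers = {}) {
  const vars = { stage };
  const params = [];
  const missing = [];
  const addSection = (section, type) => {
    const base = interpolate(section.path, vars);
    // defaults first, then the stage-specific block (e.g. `production`) overrides them
    const values = { ...(section.defaults || {}), ...(section[stage] || {}) };
    for (const key of Object.keys(section.required || {})) {
      if (answers[key] === undefined) missing.push(`${base}/${key}`);
      else values[key] = answers[key];
    }
    for (const [key, value] of Object.entries(values)) {
      params.push({ Name: `${base}/${key}`, Value: interpolate(value, vars), Type: type });
    }
  };
  if (cfg.config) addSection(cfg.config, "String");        // plain parameters
  if (cfg.secret) addSection(cfg.secret, "SecureString");  // KMS-encrypted parameters
  return { params, missing };
}
```

Running `resolveParameters(sampleConfig, "production", { DB_TABLE: "orders", DB_PASSWORD: "..." })` yields four parameters under `/production/oprah/...`, with DB_NAME overridden and DB_PASSWORD typed SecureString.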
Following are all the options available in the oprah CLI.

```text
Usage: oprah [options] [command]

Options:
  -V, --version          output the version number
  -s, --stage [stage]    Specify stage to run on. (required)
  -c, --config [config]  Path to oprah configuration (default: "oprah.yml")
  -i, --interactive      specify values through command line
  -h, --help             display help for command

Commands:
  run [options]          Verify or populate all remote configurations and secrets.
  init                   Initialize oprah. Only required to run once.
  export [options]       Export of all of the configuration from the provider to a text json file
  import [options]       Import all of the configuration from the json from to a provider
  list                   List all remote configurations and secrets.
  fetch [options]        Fetch config or secret
  help [command]         display help for command
```
```text
Usage: oprah run [options]

Verify or populate all remote configurations and secrets.

Options:
  -v, --variables [variables]  Variables used for config interpolation.
  -i, --interactive            Run on interactive mode
  -m, --missing                Only prompt missing values in interactive mode
  -r, --removing               Removing orphan configs or secrets
  -h, --help                   display help for command
```
```text
Usage: oprah list [options]

List all remote configurations and secrets.

Options:
  -h, --help  display help for command
```
```text
Usage: oprah fetch [options]

Fetch config or secret

Options:
  -k, --keys [keys]  Comma seperated configs to fetch (example: "SOME_CONFIG,ANOTHER_CONFIG")
  -h, --help         display help for command
```
The fetch command can be used in automation scripts. Example:

```sh
# Fetch the requested keys for the stage as JSON, then pull out each value with jq.
# -e makes jq fail (non-zero exit) if a key is missing, so the script does not continue with empty values.
PARAMS=$(./node_modules/.bin/oprah fetch -k "CALLBACK_URL,LOGOUT_URL" -s "$STAGE")
CALLBACK_URL=$(echo "$PARAMS" | jq -er ".CALLBACK_URL")
LOGOUT_URL=$(echo "$PARAMS" | jq -er ".LOGOUT_URL")
# do something with the values
```
```text
Usage: oprah import [options]

Import all of the configuration from the json from to a provider

Options:
  -p, --path [path]  The location of the secrets and configuration file (default: "/tmp/oprah-exports.json")
  -h, --help         display help for command
```
```text
Usage: oprah export [options]

Export of all of the configuration from the provider to a text json file

Options:
  -p, --path [path]               The location for the output secrets & configuration file
                                  (default: "/tmp/oprah-exports.json" or ".env_oprah")
  -t, --target [target]           The output target, available options are json|env (default: json)
  -C, --config-only [configOnly]  Only export `config` section
  -h, --help                      display help for command
```
```text
Usage: oprah clean-up [options]

Clean up orphan configurations and secrets from provider

Options:
  -d, --dry-run [dryRun]  Execute a dry run to display all orphan configurations and secrets
  -h, --help              display help for command
```

Feel free to use the code; it's released under the MIT license.
FAQs
Package to deploy parameters to AWS
The npm package oprah receives a total of 27 weekly downloads. As such, oprah's popularity was classified as not popular.
We found that oprah demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.