secret2env
Command-line tool for generating sourcable environment variables from secrets in AWS Secrets Manager
using a YAML definition.
Installation
$ pip install secrets2env
Environment Definition
Below is an example environment definition. The values for environment variables will be generated
using .format()
and keyword arguments.
- secret: aws/secret-name
name: ENV_SECRET
value: "{key1-in-secret}"
- secret: production/postgresql
name: PSQL_URI
value: "postgresql://{username}:{password}@postgresql:5432/{dbname}"
Usage
Path to a definition like the one can be provided as argument, otherwise it defaults to ./aws-secrets.yml
.
Running secrets2env
will print a sourceable environment to STDOUT which can be eval
d or redirected to an environment file.
# with path to definition file
$ secrets2env --definition path/to/definition.yml
# or using the default path (./aws-secrets.yml) with the definition above
$ secrets2env
It will result in the following output
# Autogenerated by <path/to/installed/secrets2env.py>
export ENV_SECRET='some-secret'
export PSQL_URI='postgresql://pg-user:pg-pw@postgresql:5432/pgdb'
# you can eval directly
eval "`secrets2env`"
# or redirect to file
echo -e "\n`secrets2env`" >> env.sh
Limitations / TODOs
- currently only supports
SecretString
- currently only supports OsX and Linux
- no automated tests