Skip to content

Instantly share code, notes, and snippets.

@digitalronin
Last active December 16, 2020 08:51
Show Gist options
  • Save digitalronin/542c001f9db4ced79ebc0f180d36b609 to your computer and use it in GitHub Desktop.
Save digitalronin/542c001f9db4ced79ebc0f180d36b609 to your computer and use it in GitHub Desktop.
#!/usr/bin/env ruby
# Script to output bash commands to set environment variables for AWS access
# without needing to store the credentials anywhere.
#
# Use like this:
#
# $ eval $(./export-aws-creds.rb track-a-query-production track-a-query-rds-output)
#
require "json"
namespace, secret_name = ARGV # e.g. track-a-query-production track-a-query-rds-output
json = `cloud-platform decode-secret -n #{namespace} -s #{secret_name}`
secret = JSON.parse(json)
access_key_id = secret.dig("data", "access_key_id")
secret_access_key = secret.dig("data", "secret_access_key")
puts <<EOF
export AWS_REGION="eu-west-2"
export AWS_ACCESS_KEY_ID="#{access_key_id}"
export AWS_SECRET_ACCESS_KEY="#{secret_access_key}"
EOF
@digitalronin
Copy link
Author

FYI, you can get the RDS instance identifier like this

db_instance_identifier = secret.dig("data", "rds_instance_endpoint").split(".").first

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment