-
-
Save garystafford/ecd7dc1c2582787a38338b0dae062416 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'aws-sdk' | |
| # reference: https://www.promptworks.com/blog/handling-environment-secrets-in-docker-on-the-aws-container-service | |
| # usage: `ruby get_env_from_s3.rb` | |
| ########## CHANGE THESE VARIABLES ########## | |
| file_to_decrypt = '.env' | |
| key_alias = 'demo-key' | |
| bucket_name = 'fav-color-secrets' | |
| your_region = 'us-east-1' | |
| ############################################ | |
| # initialize S3 client | |
| s3_client = Aws::S3::Client.new(region: your_region) | |
| # initialize KMS client | |
| kms_client = Aws::KMS::Client.new(region: your_region) | |
| # retrieve an 'aliase list' (array) of your AWS account's KMS encryption keys | |
| aliases = kms_client.list_aliases.aliases | |
| # select your key | |
| key = aliases.find { |alias_struct| alias_struct.alias_name == "alias/#{key_alias}" } | |
| # grab the key's id | |
| key_id = key.target_key_id | |
| # initialize the S3 encryption client | |
| s3_encryption_client = Aws::S3::Encryption::Client.new( | |
| client: s3_client, kms_key_id: key_id, kms_client: kms_client) | |
| # retrieve and decrypt .env from s3 | |
| response = s3_encryption_client.get_object(bucket: bucket_name, key: file_to_decrypt) | |
| # build string of env vars to be exported. | |
| exports = '' | |
| response.body.read.each_line { |line| exports << "export #{line.chomp} " } | |
| puts exports |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment