Created
January 27, 2017 18:15
-
-
Save jolexa/c777da83c71dfdda863e952f64bd31e8 to your computer and use it in GitHub Desktop.
Using unicreds in AWS Lambda (python)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from subprocess import Popen, PIPE, STDOUT | |
| import os | |
| region = os.environ['region'] # Pass region in as a Lambda env variable | |
| # Of course this assumes that your lambda has IAM permission to the KMS Key and DDB Table | |
| def getSecret(key): | |
| # unicreds is written in go, it is self-contained so, in your zip file include the package. One implementation of that is: | |
| # curl -sL https://github.com/Versent/unicreds/releases/download/1.5.1/unicreds_1.5.1_linux_amd64.tar.gz | tar zx | |
| cmd = "./unicreds -r {0} get -n {1}".format(region, key) | |
| p = Popen(cmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=STDOUT, | |
| close_fds=True) | |
| output = p.stdout.read() | |
| return output | |
| def lambda_handler(event, context): | |
| key = getSecret('credstash_key_name') | |
| # This does nothing useful except printing the secret out | |
| print key |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/Versent/unicreds#docker-entrypoint