Cerberus provider for Summon.
Provides access to secrets stored in Cerberus.
Set summon-cerberus as your Summon provider.
Make sure to set CERBERUS_API via environment variable.
Give summon a path to an object in Cerberus and it will fetch it for you and
print the value to stdout.
$ export CERBERUS_API='https://mycerbersus_endpoint.com'
$ cat > /tmp/my_secrets.yml <<-'EOF'
DB_USER: product_name
DB_PASSWORD: !var product/$ENVTAG/dbpassword
DATADOG_API_TOKEN: !var datadog/$ENVTAG/datadog_api_token
EOF
$ summon --provider summon-cerberus \
-f /tmp/my_secrets.yml \
-D ENVTAG=myenv \
cat @SUMMONENVFILE
DB_USER=product_name
DB_PASSWORD=Wylb6owWawtenJab
DATADOG_API_TOKEN=6d4f1e2992a11a332550aa555e630f0dc
$ export CERBERUS_API='https://mycerbersus_endpoint.com'
$ summon --provider summon-cerberus \
-D ENVTAG=myenv \
--yaml 'DATADOG_API_TOKEN: !var product/$ENVTAG/datadog_api_token' \
printenv | grep DATADOG_API_TOKEN
DATADOG_API_TOKEN=6d4f1e2992a11a332550aa555e630f0dc
$ export CERBERUS_API='https://mycerbersus_endpoint.com'
$ DATADOG_API_KEY=$(summon-cerberus product/myenv/datadog_api_token)
$ echo "$DATADOG_API_KEY"
6d4f1e2992a11a332550aa555e630f0dc
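The direct invocation above assigns whatever the provider prints, so a failed lookup leaves the variable empty and the script carries on. The wrapper below is an added example, not part of summon-cerberus: `fetch_secret` and the `PROVIDER_CMD` override are hypothetical names, and the https-only rule for CERBERUS_API is an assumption of this sketch.

```shell
# Added example (not project code): fail-closed wrapper for direct provider calls.
# PROVIDER_CMD is a hypothetical override so a stub can stand in for the binary.
fetch_secret() {
    path=$1
    provider=${PROVIDER_CMD:-summon-cerberus}

    # The provider reads CERBERUS_API from the environment; this sketch
    # additionally refuses anything that is not an https:// endpoint.
    case ${CERBERUS_API:-} in
        https://?*) ;;
        '') echo "fetch_secret: CERBERUS_API is not set" >&2; return 2 ;;
        *)  echo "fetch_secret: CERBERUS_API must be an https:// URL" >&2; return 2 ;;
    esac

    # Reject paths that show a broken substitution: an empty segment
    # (product//dbpassword, from an empty ENVTAG) or a literal '$'
    # (an ENVTAG that was never substituted).
    case $path in
        ''|/*|*/|*//*|*'$'*)
            echo "fetch_secret: malformed path '$path'" >&2; return 2 ;;
    esac

    # Propagate provider failure instead of handing back an empty string.
    value=$("$provider" "$path") || {
        echo "fetch_secret: provider failed for $path" >&2; return 1; }
    [ -n "$value" ] || {
        echo "fetch_secret: empty value for $path" >&2; return 1; }

    printf '%s\n' "$value"
}
```

Used as `DATADOG_API_KEY=$(fetch_secret product/myenv/datadog_api_token) || exit 1`, so the caller stops instead of exporting an empty credential.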
summon-cerberus uses the official AWS Go SDK. It will use the credentials file or environment variables as the SDK documentation explains.
Additionally, see the Summon usage documentation.
The summon-cerberus provider assumes the use of IAM profiles and currently does not support AWS API key/secret credentials. As such, it is unusable anywhere but on EC2 instances.
Improvements are required (PRs welcome) to make it support AWS key/secret the way the AWS CLI tool does.
99.99% credit goes to @burdzz
00.01% @anapsix, for hack-jamming @burdzz's code into a Summon provider