Victoria Treasure is an utility for handling secrets in S3 avoiding manual steps for decrypting or encrypt the files.
- Downloads and decrypt the specified file into memory if it exists, if not, it creates a new file in memory
- Edits the file adding the specified key and value
- Encrypts and upload the changes to S3, replacing the old file
Create a file called secrets.env
with the following environment variables:
AWS_DEFAULT_REGION=
AWS_SECRET_ACCESS_KEY=
AWS_ACCESS_KEY_ID=
KMS_KEY_ID=
Region should be set to the one used both by the S3 bucket and the KMS key, otherwise you will get an error.
$ docker build -t your_desired_tag .
# Remember to edit the secrets.env file to add the necessary variables
$ docker run --env-file=secrets.env your_desired_tag flywire-playground-secrets/apps/testing-secrets/app.json.encrypted my_secret_key my_value
Where:
flywire-playground-secrets/apps/testing-secrets/app.json.encrypted
: is the route where the secret file is stored and you want to edit, if you put a file that not exists in the s3, it will create a new onemy_secret_key
: is the secret key to be addedmy_value
: is the value of that key
If everything goes right, you'll get the following output:
[SUCCESS] Secret my_secret_key added to flywire-playground-secrets/apps/testing-secrets/app.json.encrypted
$ docker build -t your_desired_tag .
# Edit the secrets.env file to add the necessary variables
$ docker run --env-file=secrets.env your_desired_tag flywire-playground-secrets/apps/testing-secrets/app.json.encrypted my_secret_key
Where:
playground-secrets/apps/testing-secrets/app.json.encrypted
: is the route where the secret file is stored and you want to check, if you put a file that not exists in the s3, the result will be emptymy_secret_key
: is the secret key to be read
If everything goes right, you'll get the following output:
[SUCCESS] Secret my_secret_key content is SUPER_SECRET_CONTENT
$ rake
In general, Victoria secrets follows semver
- Super Mega Awesome Flywire SRE Team