telia-oss/sidecred

Add method to retrieve GH private key from store or backend

jhosteny opened this issue · 2 comments

Hi @itsdalmo - the Lambda-enabled version of the code requires the GH private key to be loaded from a file. It could be read from an encrypted bucket, SSM or Secrets Manager.

It seems like it would be reasonable to require that it be stored in SSM or Secrets Manager. I'm happy to work on a PR if you have a desired direction here?

Hey again! My thinking on this was that we could use aws-env in the Lambda version of sidecred to load credentials from either SSM or Secrets Manager (or just KMS decrypting it). We are already doing this for the STS and/or GitHub Lambdas, and it has been working great so far. What do you think?

PS: I'm on vacation right now so I'll be a little bit unresponsive until I get back. Just a heads up 🌞

@itsdalmo oops, I missed aws-env. That will be perfect.

I'll take a stab at this. Don't worry about responding on your vacation. I will just use my fork for now.
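An added example, not part of the thread and not code from sidecred or aws-env: a standard-library Go sketch of the approach discussed above, where environment values that reference a secret store are resolved at start-up, resolution fails closed, and the resolved GitHub key is checked before use. The `scheme://` reference convention, the `Fetcher` type, the variable name `GITHUB_APP_KEY` and the parameter path are assumptions made for illustration.

```go
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// Fetcher returns the plaintext for a reference; in a Lambda it would wrap an
// SSM, Secrets Manager or KMS client (hypothetical interface for this example).
type Fetcher func(ref string) (string, error)

// ResolveEnv replaces values such as "ssm://path" with the fetched secret.
// The scheme:// prefix convention is an assumption of this example.
func ResolveEnv(env map[string]string, backends map[string]Fetcher) (map[string]string, error) {
	out := make(map[string]string, len(env))
	for name, val := range env {
		scheme, ref, found := strings.Cut(val, "://")
		fetch, known := backends[scheme]
		if !found || !known {
			out[name] = val // plain value, passed through unchanged
			continue
		}
		secret, err := fetch(ref)
		if err != nil { // fail closed; the message names the variable, never its value
			return nil, fmt.Errorf("resolve %s from %s: %w", name, scheme, err)
		}
		out[name] = secret
	}
	return out, nil
}

// ParseAppKey rejects anything that is not a PKCS#1 PEM RSA private key, so a
// wrong or truncated parameter is caught at start-up rather than at signing time.
func ParseAppKey(pemText string) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode([]byte(pemText))
	if block == nil || block.Type != "RSA PRIVATE KEY" {
		return nil, errors.New("value is not a PEM RSA private key")
	}
	return x509.ParsePKCS1PrivateKey(block.Bytes)
}

func main() {
	// Constructed in-memory backend standing in for SSM; it always fails.
	ssm := func(ref string) (string, error) { return "", errors.New("no such parameter: " + ref) }
	_, err := ResolveEnv(map[string]string{"GITHUB_APP_KEY": "ssm:///sidecred/key"}, map[string]Fetcher{"ssm": ssm})
	fmt.Println(err)
}
```

With this shape the key never ships in the deployment package or on disk; only the reference is stored in the function's configuration.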