June 6, 2018
Contact Us
Weekly Shorts are topics we discuss in our weekly remote meeting related to recent work we have done with our customers

In order to encrypt secrets and use them confidentially, best practices usually describe the usage of a tool like Vault. While Vault is a great tool, setting it up and working with it programmatically is not an easy task.

We wanted to quickly use encrypted secrets, remove our dependability on CI secrets, and then to be able to inject them into runtime environments with ease.

AWS had released their secrets manager which answers everything, but costs money, $0.40 per secret...

Apparently, there’s a way, using the same mechanisms under the hood like the secret manager but for free: AWS Parameter store which can be found under Systems Manager service. In order to use the parameter store programmatically, we started using Chamber, which is a layer that saves the need to actually interact with the parameter store directly. The two main features we use now are chamber import which allows an import of a JSON file of environment variables that the developers manage in their project, and chamber exec which creates a process in runtime and injects the secrets directly.

Try it out!

Further read:

Omer Hamerman
Senior Software Operations Architect
Omer is an experienced software operations engineer and an open source contributor. He is always willing to go the extra mile to help our clients improve their software delivery. He is known for getting the job done very quickly and is clear-cut and very sharp, delivering almost any job on the spot. When he’s not helping our clients achieve scalable and resilient infrastructure, you’ll find him rock climbing and bouldering. He is passionate about beautiful code, cybersecurity and doing things right the first time. He is a keen writer of blog posts and a speaker at meetups.