To encrypt secrets and use them confidentially, best practice usually points to a tool like Vault. While Vault is a great tool, setting it up and working with it programmatically is not an easy task.
We wanted to quickly use encrypted secrets, remove our dependency on CI secrets, and be able to inject them into runtime environments with ease.
AWS had released Secrets Manager, which answers everything but costs money: $0.40 per secret...
Apparently, there's a way to use the same mechanisms under the hood as Secrets Manager, but for free: AWS Parameter Store, which can be found under the Systems Manager service. To use Parameter Store programmatically, we started using Chamber, a layer that saves the need to interact with Parameter Store directly. The two main features we use now are chamber import, which imports a JSON file of environment variables that the developers manage in their project, and chamber exec, which creates a process at runtime and injects the secrets directly.
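The import and exec steps described above, as an added example that is not code from the original post. It assumes chamber is installed, AWS credentials are available in the environment, and a KMS key that Chamber can use already exists; the service name "myapp", the file secrets.json, the command ./server and the file-permission check are illustrative assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. "myapp", secrets.json and
# ./server are hypothetical names; the permission check is an added precaution.

# Succeed only if the file exists and is not readable by group or others.
secrets_file_is_private() {
  [ -f "$1" ] || return 1
  [ -z "$(find "$1" -prune \( -perm -g+r -o -perm -o+r \))" ]
}

# Import a flat JSON object such as {"DB_PASSWORD": "..."} into the
# service's namespace in Parameter Store.
import_secrets() {
  service=$1 file=$2
  if ! secrets_file_is_private "$file"; then
    echo "refusing to import $file: missing, or readable by group/others" >&2
    return 1
  fi
  chamber import "$service" "$file"
}

# Run a command with the service's secrets injected as environment variables.
# chamber exec upper-cases the keys and turns "-" into "_", so the key
# db-password is seen by the child process as DB_PASSWORD. The values exist
# only in the child's environment, not in the calling shell or the CI config.
run_with_secrets() {
  service=$1; shift
  chamber exec "$service" -- "$@"
}

# Usage: ./secrets.sh import myapp secrets.json
#        ./secrets.sh run myapp ./server --port 8080
case "${1:-}" in
  import) import_secrets "$2" "$3" ;;
  run)    shift; run_with_secrets "$@" ;;
esac
```

The IAM identity that runs the second command needs read access to the service's parameters and decrypt permission on the KMS key, and nothing more.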
Try it out!