Ignore Encrypted Entries #13

Open
ambsw-technology opened this issue Apr 28, 2019 · 1 comment · May be fixed by #19

Comments

@ambsw-technology

Unless absolutely necessary, I'd rather not put decrypted secrets on a local machine. SSM also logs access to secrets so I'd rather not leave an unnecessary trail of secrets logs. I can think of two ways to handle this:

  • Give an option to not decrypt secrets
  • Give an option to skip encrypted parameters entirely

Both could make sense, but the second option solves both problems (on-disk and audit logs). I think it should be an ENV variable (vs. a flag) so you don't accidentally delete the encrypted params if you forget to include the flag when you apply.

@ambsw-technology
Author

OK. The documentation for the get_parameters() call includes the ability to filter on Type. So it should be possible to exclude the SecureString from the list of types (i.e. 'String'|'StringList'|'SecureString') when making the request.
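
The filtering approach discussed in this thread, as an added example that is not part of the original comments or the ssm-diff code base. It assumes boto3's `get_parameters_by_path`, whose `ParameterFilters` accepts a `Type` key; the variable name `SSM_SKIP_SECURE` and the function names are hypothetical.

```python
import os

# Hypothetical variable name; the issue only asks for "an ENV variable".
SKIP_SECURE_ENV = "SSM_SKIP_SECURE"
PLAINTEXT_TYPES = ["String", "StringList"]


def skip_secure(environ=None):
    """True when the (assumed) opt-out variable is set to a truthy value."""
    environ = os.environ if environ is None else environ
    return environ.get(SKIP_SECURE_ENV, "").strip().lower() in ("1", "true", "yes")


def fetch_parameters(client, path, environ=None):
    """Return {name: (type, value)} for every parameter under `path`.

    `client` is a boto3 SSM client, e.g. boto3.client("ssm").
    """
    exclude = skip_secure(environ)
    kwargs = {
        "Path": path,
        "Recursive": True,
        # Never ask SSM to decrypt when secrets are being skipped.
        "WithDecryption": not exclude,
    }
    if exclude:
        # Server-side filter: ask SSM for String and StringList entries only.
        kwargs["ParameterFilters"] = [
            {"Key": "Type", "Option": "Equals", "Values": PLAINTEXT_TYPES}
        ]
    found = {}
    while True:
        page = client.get_parameters_by_path(**kwargs)
        for p in page["Parameters"]:
            # Client-side guard in case the filter is ignored or changed.
            if exclude and p["Type"] == "SecureString":
                continue
            found[p["Name"]] = (p["Type"], p["Value"])
        token = page.get("NextToken")
        if not token:
            return found
        kwargs["NextToken"] = token
```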

claytondaley added a commit to ambsw/ssm-diff that referenced this issue Apr 30, 2019
…variable to exclude secure tags from processing (fixes runtheops#13)
claytondaley added a commit to ambsw/ssm-diff that referenced this issue May 1, 2019
…nd line flags to ENV variables (fixes runtheops#15), (2) a way to generate YAML files for branches of the SSM tree (closes runtheops#11), and (3) the ability to ignore SecureString keys if they are not necessary (closes runtheops#13), and (4) the introduction of metadata in the YAML files to permit compatibility checking (more general fix for runtheops#15 with support for new features)
@ambsw-technology ambsw-technology linked a pull request May 1, 2019 that will close this issue
claytondaley added a commit to ambsw/ssm-diff that referenced this issue May 1, 2019
…nd line flags to ENV variables (fixes runtheops#15), (2) a way to generate YAML files for branches of the SSM tree (closes runtheops#11), (3) the ability to ignore SecureString keys if they are not necessary (closes runtheops#13), (4) support for the SSM StringList type and more timely type coercion so e.g. YAML integers and SSM strings match, and (5) the introduction of metadata in the YAML files to permit compatibility checking (more general fix for runtheops#15 with support for new features)