Add Support for AWS Secrets Manager for ghsecrets tool #1564

Merged: 17 commits merged into main from TT-1907-update-AWSSecretsManager on Jan 16, 2025

Conversation

lukaszcl (Contributor) commented Jan 16, 2025

This PR introduces significant enhancements to the ghsecrets tool, including support for managing secrets in AWS Secrets Manager alongside GitHub. Key updates include:

  • AWS Secrets Manager Integration:

    • Support for creating, updating, and sharing secrets in AWS Secrets Manager.
    • Automatic addition of the testsecrets/ prefix for AWS secrets to ensure consistency and compatibility with GitHub Actions.
    • Ability to share secrets with additional IAM ARNs through the --shared-with flag.
    • Retrieval of secrets with optional Base64 decoding.
  • Command Enhancements:

    • Added a get command to retrieve secrets from AWS Secrets Manager.
    • Unified CLI flags for managing secrets across AWS and GitHub backends.
    • Improved error handling with detailed messages for common issues (e.g., expired AWS SSO sessions).
  • Documentation Updates:

    • Updated README with detailed installation, usage instructions, and FAQ sections.

Related PRs:


Below is a summarization created by an LLM (gpt-4-0125-preview). Be mindful of hallucinations and verify accuracy.

Why

The changes expand the functionality of ghsecrets tool to support AWS Secrets Manager as a backend for storing secrets, in addition to GitHub. This update also introduces the ability to retrieve secrets from AWS, share secrets with additional AWS IAM principals, and handle AWS SSO sessions. The update aims to make ghsecrets more versatile and useful for managing secrets in different environments.

What

  • README.md: Updated documentation to reflect new features and usage instructions for interacting with both GitHub and AWS Secrets Manager.
  • go.mod and go.sum: Added dependencies for AWS SDK to interact with AWS services such as Secrets Manager and STS.
  • main.go:
    • Added support for setting and retrieving secrets from AWS Secrets Manager.
    • Implemented AWS SSO session handling and error messages.
    • Included flags for specifying AWS profile, secret ID, and IAM principals for sharing secrets.
    • Enhanced error handling and user feedback throughout the tool's commands.
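As an added example, not code from this PR or from the ghsecrets tool itself: a stand-alone Go sketch, using only the standard library, of the four pieces of logic the description above lists: enforcing the testsecrets/ prefix, turning a --shared-with list of IAM ARNs into a read-only secret resource policy, the get command's optional Base64 decoding, and recognising an expired AWS SSO session. The function names, the policy document shape (what Secrets Manager's PutResourcePolicy accepts, modelled from memory of the IAM policy grammar), the wildcard-principal refusal, the sample ARN and secret value, and the SSO error wording are all assumptions, not what main.go in the PR does.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// SecretPrefix is the prefix the PR says ghsecrets adds to AWS secret names.
const SecretPrefix = "testsecrets/"

// NormalizeSecretID prepends SecretPrefix unless it is already there, so that
// "MY_KEY" and "testsecrets/MY_KEY" name the same secret.
func NormalizeSecretID(id string) (string, error) {
	id = strings.TrimSpace(id)
	if id == "" {
		return "", errors.New("secret id must not be empty")
	}
	if strings.HasPrefix(id, SecretPrefix) {
		return id, nil
	}
	return SecretPrefix + id, nil
}

// isIAMPrincipalARN accepts only IAM/STS principal ARNs (root, role, user,
// assumed-role) in any aws* partition; IAM ARNs carry no region.
func isIAMPrincipalARN(arn string) bool {
	p := strings.SplitN(arn, ":", 6)
	if len(p) != 6 || p[0] != "arn" || !strings.HasPrefix(p[1], "aws") {
		return false
	}
	if (p[2] != "iam" && p[2] != "sts") || p[3] != "" || len(p[4]) != 12 {
		return false
	}
	for _, c := range p[4] { // account id must be 12 digits
		if c < '0' || c > '9' {
			return false
		}
	}
	r := p[5]
	return r == "root" || strings.HasPrefix(r, "role/") ||
		strings.HasPrefix(r, "user/") || strings.HasPrefix(r, "assumed-role/")
}

// statement/policy model the subset of an IAM policy document a secret
// resource policy needs (assumed shape; see lead-in).
type statement struct {
	Sid       string              `json:"Sid"`
	Effect    string              `json:"Effect"`
	Principal map[string][]string `json:"Principal"`
	Action    []string            `json:"Action"`
	Resource  string              `json:"Resource"`
}

type policy struct {
	Version   string      `json:"Version"`
	Statement []statement `json:"Statement"`
}

// BuildSharePolicy turns a --shared-with list into a read-only resource policy.
// It refuses wildcards (a "*" principal makes the secret world-readable),
// rejects non-IAM ARNs and de-duplicates. Resource "*" inside a secret's own
// resource policy refers to that secret.
func BuildSharePolicy(arns []string) (string, error) {
	seen := map[string]bool{}
	principals := []string{}
	for _, a := range arns {
		a = strings.TrimSpace(a)
		if strings.Contains(a, "*") {
			return "", fmt.Errorf("refusing wildcard principal %q", a)
		}
		if !isIAMPrincipalARN(a) {
			return "", fmt.Errorf("not an IAM principal ARN: %q", a)
		}
		if !seen[a] {
			seen[a] = true
			principals = append(principals, a)
		}
	}
	if len(principals) == 0 {
		return "", errors.New("no principals to share with")
	}
	doc := policy{Version: "2012-10-17", Statement: []statement{{
		Sid:       "AllowSharedPrincipalsRead",
		Effect:    "Allow",
		Principal: map[string][]string{"AWS": principals},
		Action:    []string{"secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"},
		Resource:  "*",
	}}}
	b, err := json.Marshal(doc)
	return string(b), err
}

// DecodeSecretValue returns the stored string as bytes, base64-decoding it
// first when asked (the get command's optional decoding); bad base64 is an error.
func DecodeSecretValue(raw string, decode bool) ([]byte, error) {
	if !decode {
		return []byte(raw), nil
	}
	b, err := base64.StdEncoding.DecodeString(strings.TrimSpace(raw))
	if err != nil {
		return nil, fmt.Errorf("secret value is not valid base64: %w", err)
	}
	return b, nil
}

// IsSSOSessionExpired matches the message the AWS SDK for Go v2 emits when a
// cached SSO token is stale (assumed wording) so the CLI can say "run aws sso login".
func IsSSOSessionExpired(err error) bool {
	if err == nil {
		return false
	}
	m := strings.ToLower(err.Error())
	return strings.Contains(m, "sso session") &&
		(strings.Contains(m, "expired") || strings.Contains(m, "invalid"))
}

func main() {
	id, _ := NormalizeSecretID("MY_API_KEY")
	pol, _ := BuildSharePolicy([]string{"arn:aws:iam::123456789012:role/ci-runner"}) // constructed ARN
	val, _ := DecodeSecretValue("aGVsbG8=", true)                                     // constructed value
	fmt.Println(id, pol, string(val))
}
```

The policy builder is deliberately stricter than the AWS API: PutResourcePolicy would happily accept `"Principal": "*"`, and a tool that forwards user input into a resource policy without this check is one typo away from publishing the secret.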


@lukaszcl lukaszcl merged commit 661546a into main Jan 16, 2025
54 checks passed
@lukaszcl lukaszcl deleted the TT-1907-update-AWSSecretsManager branch January 16, 2025 13:42
3 participants