This repository has been archived by the owner on Aug 27, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
/
main.go
134 lines (111 loc) · 2.66 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
package main
import (
"fmt"
"log"
"os"
"os/exec"
"strings"
"syscall"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ssm"
"github.com/aws/aws-sdk-go/service/ssm/ssmiface"
)
const (
// AWS only allows a max results <= 10
ssmMaxResults = 10
namespaceEnvVar = "SECRETLY_NAMESPACE"
)
func usage() {
fmt.Println("Usage: secretly <command> [arg...]")
os.Exit(1)
}
func main() {
if len(os.Args) <= 1 {
usage()
}
environ := os.Environ()
if ns, ok := os.LookupEnv(namespaceEnvVar); ok {
session := session.Must(session.NewSession())
svc := ssm.New(session)
environ = findAllSecrets(svc, ns, environ)
}
if err := run(os.Args[1:], environ); err != nil {
log.Fatal(err)
}
}
func findAllSecrets(svc ssmiface.SSMAPI, nsAll string, environ []string) []string {
allSecrets := make(map[string]string)
for _, nsItem := range strings.Split(nsAll, ",") {
if len(nsItem) > 0 {
secrets, err := findSecrets(svc, nsItem)
if err != nil {
log.Fatal(err)
}
for key, value := range secrets {
allSecrets[key] = value
}
}
}
environ = addSecrets(environ, allSecrets)
return environ
}
func addSecrets(environ []string, secrets map[string]string) []string {
if len(secrets) == 0 {
return environ
}
envMap := toMap(environ)
for k, v := range secrets {
envMap[k] = v
}
return fromMap(envMap)
}
func findSecrets(svc ssmiface.SSMAPI, ns string) (map[string]string, error) {
prefix := "/" + strings.Trim(ns, "/") + "/"
secrets := make(map[string]string)
var nextToken *string
for {
input := &ssm.GetParametersByPathInput{
MaxResults: aws.Int64(ssmMaxResults),
NextToken: nextToken,
Path: aws.String(prefix),
WithDecryption: aws.Bool(true),
}
output, err := svc.GetParametersByPath(input)
if err != nil {
return nil, fmt.Errorf("error getting secrets from \"%v\": %v", prefix, err)
}
for _, p := range output.Parameters {
name := (*p.Name)[len(prefix):]
secrets[name] = *p.Value
}
if output.NextToken == nil {
break
}
nextToken = output.NextToken
}
return secrets, nil
}
func run(command, env []string) error {
path, err := exec.LookPath(command[0])
if err != nil {
return fmt.Errorf("error finding executable \"%v\": %v", command[0], err)
}
return syscall.Exec(path, command, env)
}
func toMap(environ []string) map[string]string {
env := make(map[string]string)
for _, envVar := range environ {
parts := strings.SplitN(envVar, "=", 2)
env[parts[0]] = parts[1]
}
return env
}
func fromMap(m map[string]string) []string {
var s []string
for k, v := range m {
s = append(s, k+"="+v)
}
// no guaranteed order
return s
}