-
Notifications
You must be signed in to change notification settings - Fork 16
/
plugin.yaml
33 lines (25 loc) · 1.09 KB
/
plugin.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
name: "ssm"
version: "1.0.4"
usage: "AWS SSM parameter injection into Helm value files for git storage"
description: |-
AWS SSM parameter injection in Helm value files
This plugin provides the ability to encode AWS SSM parameter paths into your
value files to store in version control or just generally less secure places.
During installation or upgrade, the parameters are replaced with their actual values
and passed on to Tiller.
Usage:
Simply use helm as you would normally, but add 'ssm' before any command,
the plugin will automatically search for values with the pattern:
{{ssm /path/to/parameter aws-region}}
and replace them with their decrypted value.
Note: You must have IAM access to the parameters you're trying to decrypt, and their KMS key.
E.g:
helm ssm install stable/docker-registry --values value-file1.yaml -f value-file2.yaml
value-file1.yaml:
---
secrets:
haSharedSecret: {{ssm /mgmt/docker-registry/shared-secret us-east-1}}
htpasswd: {{ssm /mgmt/docker-registry/htpasswd us-east-1}}
---
command: "$HELM_PLUGIN_DIR/ssm.sh"
useTunnel: true