Skip to content

callrail/helm-ssm

2 Branches12 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

jesstracyjesstracy
version bump
Apr 23, 2021
0ad9f5f · Apr 23, 2021

History

46 Commits
.github/workflows
.github/workflows
Apr 16, 2021
scripts
scripts
Mar 9, 2020
tests/testchart
tests/testchart
Apr 8, 2020
.gitignore
.gitignore
Apr 16, 2021
README.md
README.md
Apr 8, 2020
build.sh
build.sh
Apr 16, 2021
go.mod
go.mod
Apr 23, 2021
go.sum
go.sum
Apr 23, 2021
main.go
main.go
Aug 7, 2020
main_test.go
main_test.go
Jul 20, 2020
plugin.yaml
plugin.yaml
Apr 23, 2021

Repository files navigation

GitHub Actions status

helm-ssm

A tool used to retrieve and inject secrets from AWS SSM Parameter Store into helm value files.

Idea modified from: https://github.com/totango/helm-ssm

Installation

$ helm plugin install https://github.com/callrail/helm-ssm

Updating

$ helm plugin update ssm

Usage

In any non-default values file, replace values of secrets with ssm keywords ssm, ssm-path, and ssm-path-prefix as shown below.

Single Parameter

Replace a value-file value with a value from SSM Parameter Store:

mySecret: {{ssm <my-ssm-parameter-name>}}

Then run your helm install/update command as usual but with helm ssm instead of just helm.

For example,

$ helm ssm install my-release my-chart -f my-values-file.yaml

Note: You will need to run your helm command using credentials with access to SSM in the AWS account in which the parameter lives.

Multiple Parameters under a Single Path

You can also include a map of key/value pairs by specifying a path that holds multiple parameters.

For example, say you have the following parameters in SSM:

/prod-config/example/secret-key-1  =>  "value-1"
/prod-config/example/secret-key-2  =>  "value-2"
/prod-config/example/secret-key-3  =>  "value-3"

Then the following values file will result in a dictionary of the key/value pairs.

myConfig: {{ssm-path /prod-config/example}}

 => becomes =>

myConfig: {secret-key-1: "value-1", secret-key-2: "value-2": secret-key-3: "value-3"}

Multiple Parameters under Multiple Paths sharing a common prefix

Let's say I want to include multiple parameter paths that have a common prefix. For example,

/prod-config/prod_hosts/host_1_key => "secret-value"
/prod-config/prod_hosts/host_2_key => "secret-value"

/prod-config/api_tokens/app_1_token => "secret-value"
/prod-config/api_tokens/app_2_token => "secret-value"
/prod-config/api_tokens/app_3_token => "secret-value"

/prod-config/database_urls/db_url => "secret-value"

Then the following values file will result in a list of dictionaries of the key/value pairs.

myConfig: {{ssm-path-prefix /prod-config/}}
  - prod_hosts
  - api_tokens
  - database_urls
{{end}}

 => becomes =>

myConfig:
  - {host_1_key: "secret-value", host_2_key: "secret-value"}
  - {app_1_token: "secret-value", app_2_token: "secret-value", app_3_token: "secret-value"}
  - {db_url: "secret-value"}

Testing

This testing setup assumes you have the following parameters in SSM:

test-secret-value: (value can be anything)
/test-secret-group/value1: (value can be anything)
/test-secret-group/value2: (value can be anything)
/test-secret-group-2/config1/c1key1: (value can be anything)
/test-secret-group-2/config2/c2key1: (value can be anything)
/test-secret-group-2/config2/c2key2: (value can be anything)

...
(as many as you want under the path /test-secret-group/)

$ go run main.go install testing ./tests/testchart/ -f tests/testchart/override-values.yaml --dry-run --debug

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

33 watching

Forks

0 forks
Report repository

Releases 12

Release v0.1.11 Latest
Apr 23, 2021
+ 11 releases

Packages

No packages published

Contributors 2

Languages