Decrypted vars when install a new aws instance via user-data script

I have Ansible playbooks ready, they includes several encrypted vars. With normal process, I can feed a vault password file to decrypt them with --vault-password-file ~/.vault_pass.txt and deploy...

Using credstash in Python

I've installed credstash on my computer. I'm able to use commands like "credstash get [credential]" while in the command prompt. However, when in a python interpreter, after I use "import...

brew or pip - install credstash - errors - No named formulae found in taps / OSErr six-1.4.1-py2.7.egg-info operation not permitted

Getting the following error on my Mac Terminal window. $ pip --version pip 6.1.1 from /Library/Python/2.7/site-packages (python 2.7) Python version is 2.7.10 While trying to install credstash...

conditional subparser based on mutually exclusive group argument

I am working on extending the code in credstash with my code here: https://github.com/willcrain1/credstash My issue is that I would like to add a required argument, but only if you select -b as...

Handling run time and build time secrets in AWS CodePipeline

We are dealing with the problem of providing build time and run time secrets to our applications built using AWS CodePipeline and being deployed to ECS. Ultimately, our vision is to create a...

Storing results from a Postgres query directly into an array in Bash 4?

I'm trying to run a Postgres query like below and store the results into an array: v2_ids=$(psql $(credstash get database/path/here) -tc "select distinct(user_id) from table where yada yada...

yaml.dump adding unwanted newlines in multiline strings

I have a multiline string: >>> import credstash >>> d = credstash.getSecret('alex_test_key', region='ap-southeast-2') To see the raw data (first 162 characters): >>>...

AWS KMS Decrypt Error Credstash

My aws account is in us-west-2 region. and the KMS key created in that account has ARN arn:aws:kms:us-east-1::key/. In my node module, I am using Credstash to decrypt the key which is encrypted...

How to catch exceptions for ansible credstash lookup plugin with key not found?

I have the following code app_key: "{{ lookup('credstash', 'aws/project/'+app_name+'/'+app_env+'/app_key') | default('not-set') }}" And was expecting to be able set a default value based on...

Using AWS KMS and/or credstash with non AWS server

Is it possible to use AWS KMS and a tool like credstash without the use of EC2 or equivalent or does it rely solely on IAM roles? I've got a server elsewhere where I am testing some things out and...

Credstash: 'module' object has no attribute 'get': AttributeError

I am trying to use credstash for accessing credentials stored in KMS, however, even before accessing them, the python 2.7 lambda runtime on aws is giving me an error: 'module' object has no...

Bash export credstash values from script

So i'm trying to implement a build script that pulls down our credstash keys from DynamoDB and then sets them in the environment running the script, I need to the commands afterward to have access...

Bash Script, Circle CI, Docker image - unexpected newline

So I'm trying to figure out what's up with this bash script, it works totally fine on my local machine(MacOS): #!/bin/bash echo 'Fetching keys.....' creds=$(credstash getall) declare -a...

How can I pass a string to be evaluated as positional and keyword arguments?

I'm using a module called credstash, which contains this function: def getSecret(name, version="", region=None, table="credential-store", context=None, dynamodb=None,...

How to add php gd extension to Dockerfile

I'm getting this error when trying to deploy using alpine: phpoffice/phpspreadsheet 1.2.1 requires ext-gd * -> the requested PHP extension gd is missing from your system. Here's my...

How to get credentials from credstash using python?

In node, I used to do it this way const Credstash = require('nodecredstash'); const credstash = new Credstash({ table: <table_name>, kmsKey: <kms_key>, }); return...

AWS js aws-sdk route53Domains.listDomains() returns "UnknownError: Bad Gateway"

I am using the js npm library aws-sdk to query AWS objects. From within the same script it is able to retrieve ec2 instance details using ec2.describeInstances, but when it executes...

Set environment variable from credstash on Elastic Beanstalk

I'm having some issues with Elastic Beanstalk environment variables which I want to set from credstash. option_settings: - namespace: aws:elasticbeanstalk:application:environment ...

adding yaml array as env to kubernetes/kustomize

So, I have a yaml file that looks like this: service: users: - username: some-user password: some-pass (would be placed in Secret) - username:...

Intermittent pip install error in virtualenv?

For the commands below: virtualenv --system-site-packages `pwd`/.test # load virtual environment source `pwd`/.test/bin/activate # install required python modules # for some reason argparse is...

Digital Ocean ENV Variables - .env file, ENV Variables, or something else?

Does Digital Ocean have something similar to Credstash or AWS Secrets Manager (both AWS services)? Trying to decide on the most secure way to store environmental variables with sensitive...