manage_secrets.sh
#!/usr/bin/env bash
# Shell wrapper around AWS Secrets Manager that exposes the commonly needed
# operations (list, get, create, update, rotate, delete) through short flags.

# Make the AWS CLI emit plain text unless a call overrides it.
AWS_DEFAULT_OUTPUT="text"

# Needed for Git-for-Windows, see
# https://github.com/git-for-windows/build-extra/blob/main/ReleaseNotes.md#known-issues
MSYS_NO_PATHCONV=1

export AWS_DEFAULT_OUTPUT MSYS_NO_PATHCONV
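#######################################
# Print the command-line synopsis and terminate the script.
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   never returns; exits with status 1 (also for -h)
#######################################
usage() {
  # The summary line now names -g as well, which the synopsis above it
  # already documents. The closing note steers callers to the file:// form,
  # because a literal SECRET passed with -s ends up on the command line.
  cat <<EOF
Usage: $0 [-h]
Usage: $0 -l
Usage: $0 -l --arn
Usage: $0 -g SECRET_NAME
Usage: $0 -c SECRET_NAME -D SECRET_DESC -s SECRET
Usage: $0 -c SECRET_NAME -D SECRET_DESC -s file://MYSECRET_FILE
Usage: $0 -r SECRET_NAME
Usage: $0 -u SECRET_NAME -s SECRET
Usage: $0 -d SECRET_NAME
Lists (-l), gets (-g), creates (-c), updates (-u), rotates (-r), or deletes (-d) a secret.
Prefer -s file://MYSECRET_FILE: a literal SECRET is visible in shell history and process listings.
EOF
  exit 1
}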
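#######################################
# Parse the command line into the global command array and secret fields.
# Globals:   cmd (written)         - argv of the aws call being assembled
#            secret (written)      - value given with -s
#            secret_desc (written) - value given with -D
# Arguments: the script's command-line arguments
# Outputs:   error text on stderr for a bad option, then the usage text
# Returns:   0 on success; exits through usage() on a usage error
#######################################
get_opts() {
  local opt OPTARG OPTIND
  local l_query filtered_args arg

  [[ -z "$1" ]] && usage

  cmd=(aws secretsmanager)
  l_query="SecretList[].[Name,Description]"

  # getopts only understands short options, so the long flag --arn is
  # stripped here. Any argument exactly equal to "--arn" is removed, even
  # one that was meant as an option value. The query is assigned rather
  # than string-substituted so that repeating --arn adds ARN only once.
  filtered_args=()
  for arg in "$@"; do
    if [[ "$arg" != "--arn" ]]; then
      filtered_args+=("$arg")
    else
      l_query="SecretList[].[Name,ARN,Description]"
    fi
  done
  set -- "${filtered_args[@]}"

  # The leading ':' selects silent mode: getopts then stores the offending
  # option letter in OPTARG, so the messages below can name it. Without it
  # OPTARG is unset for an unknown option and the message printed "-".
  while getopts ":hD:s:lg:c:r:u:d:" opt; do
    case "$opt" in
      h) usage ;;
      D) secret_desc="$OPTARG" ;;
      s) secret="$OPTARG" ;;
      l) cmd+=(list-secrets --query "$l_query") ;;
      g) cmd+=(get-secret-value --secret-id "$OPTARG") ;;
      c) cmd+=(create-secret --name "$OPTARG") ;;
      r) cmd+=(rotate-secret --secret-id "$OPTARG") ;;
      u) cmd+=(update-secret --secret-id "$OPTARG") ;;
      d) cmd+=(delete-secret --secret-id "$OPTARG") ;;
      :)
        echo "ERROR: Option -$OPTARG requires an argument" >&2
        usage
        ;;
      \?)
        echo "ERROR: Invalid option -$OPTARG" >&2
        usage
        ;;
    esac
  done
  shift "$((OPTIND-1))"
}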
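#######################################
# Report whether the assembled command contains a given word as one of
# its arguments.
# Globals:   cmd (read)
# Arguments: $1 - word to look for, e.g. an aws subcommand name
# Returns:   0 if some element of cmd equals $1 exactly, 1 otherwise
#######################################
_in_cmd() {
  local wanted=$1
  local word

  # Compare whole elements instead of grepping the joined command line.
  # A word-boundary grep also matched inside argument values, so a secret
  # id such as "prod/update-secret/x" selected the update-secret handling.
  # An argument whose entire value equals a subcommand name still matches.
  for word in "${cmd[@]}"; do
    [[ "$word" == "$wanted" ]] && return 0
  done
  return 1
}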
#######################################
# Validate the option combination and append the remaining arguments for
# the selected aws subcommand.
# Globals:   cmd (read, appended to), secret (read), secret_desc (read)
# Arguments: none
# Returns:   0 on success; exits through usage() on an invalid combination
#######################################
post_process_opts() {
  # Listing takes no further arguments.
  _in_cmd "list-secrets" && return

  # Reading a secret accepts neither -s nor -D; only the secret string is
  # requested from the service.
  if _in_cmd "get-secret-value"; then
    if [[ -n "$secret" || -n "$secret_desc" ]]; then
      usage
    fi
    cmd+=(--query "SecretString" --output "text")
  fi

  # Creating requires a value; the description is optional.
  # NOTE: the secret value is appended as a command argument here.
  if _in_cmd "create-secret"; then
    if [[ -z "$secret" ]]; then
      usage
    fi
    if [[ -n "$secret_desc" ]]; then
      cmd+=(--description "$secret_desc")
    fi
    cmd+=(--secret-string "$secret")
  fi

  # Updating requires a value as well.
  if _in_cmd "update-secret"; then
    if [[ -z "$secret" ]]; then
      usage
    fi
    cmd+=(--secret-string "$secret")
  fi
}
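#######################################
# Run the assembled aws command, echoing it to stderr first.
# Globals:   cmd (read)
# Arguments: none
# Outputs:   a "+ ..." trace line on stderr, then the command's own output
# Returns:   the exit status of the command
#######################################
manage_secret() {
  local -a shown=()
  local arg
  local redact_next=0

  # The trace is built by hand instead of with `set -x`, which printed the
  # value following --secret-string in clear text to stderr, and from
  # there into terminal scrollback and CI logs.
  for arg in "${cmd[@]}"; do
    if (( redact_next )); then
      shown+=("REDACTED")
      redact_next=0
    else
      shown+=("$arg")
      if [[ "$arg" == "--secret-string" ]]; then
        redact_next=1
      fi
    fi
  done

  {
    printf '+'
    printf ' %q' "${shown[@]}"
    printf '\n'
  } >&2

  # Run in a subshell, as before, so the command cannot alter this shell.
  ("${cmd[@]}")
}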
#######################################
# Entry point: parse the arguments, complete the aws command, then run it.
# Arguments: the script's command-line arguments
# Returns:   the status of manage_secret
#######################################
main() {
  get_opts "$@"
  post_process_opts
  manage_secret
}

# Run main only when the file is executed directly; when it is sourced,
# $0 differs from BASH_SOURCE[0] and only the functions are defined.
[[ "$0" != "${BASH_SOURCE[0]}" ]] || main "$@"