SecPar

A [Sec]rets Manager and [Par]ameter Store CLI tool that leverages the newly AWS SDK for Rust to manage secrets.

Secrets Manager vs Parameter Store

Setup

AWS Rust SDK will try to get the credentials in this order:

AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY environment varaibles -> ~/.aws/credentials -> ~/.aws/config.

Hence, one way to set credentials for AWS Rust SDK is ~/.aws/credentials, one example as below:

[default]
aws_access_key_id=<key_id>
aws_secret_access_key=<secret>
region=us-east-1

For alternative ways, please refer to the SDK setup page

Usage Examples

Secrets Manager

• List all the secrets

cargo run -- sec list

• Get specific secret value

cargo run -- sec get --name <secret_name>

• Delete specific secret

cargo run -- sec delete --name <secret_name>

• Describe specific secret

cargo run -- sec describe --name <secret_name>

• Create specific secret

cargo run -- sec create --name <secret_name> --secret <secret_value>

Parameter Store

• List all the parameters

cargo run -- par list

• Get specific par value

cargo run -- par get --name <parameter_name>

• Delete specific parameter

cargo run -- par delete --name <parameter_name>

• Create specific parameter

cargo run -- par create --name <parameter_name> --value <parameter_value>

• Create a bulk of parameters

cargo run -- par apply --path <path_to_parameter_spec_file>

Parameter Store Spec Format

For the par apply sub-subcommand, the format of the spec file is shown as follow. The spec is in yaml format and each parameter entry’s name and value are separated by : , a colon symbol:

parameters:
  - /secpar/TEST:TEST_VALUE
  - /secpar/qa/SASL_USERNAME:USERNAME