Spring-cloud-aws: Interest in support for retrieving config from EC2 Parameter Store?

Created on 24 Mar 2017  路  8Comments  路  Source: spring-cloud/spring-cloud-aws

I recently learned about the EC2 Parameter Store. An example use case: distributing a database password to a spring boot app running in ECS or EC2. The password can be stored encrypted under KMS (envelope encryption). Access can be restricted based on the IAM role assigned to the container (ECS) or instance (EC2).

Seems this could be quite useful as a secret distribution mechanism for spring boot apps running on AWS. Not as elegant, feature rich and polished as Hashicorp's vault but perhaps good for simple use cases or where you don't want to run a vault cluster (backed by a consul cluster).

There's a spike with more detail in aws-ssm-demo.

Most helpful comment

Any progress on that request ? It will be helpful to have a feature where we can get encrypted value from ParameterStore.

All 8 comments

Any progress on that request ? It will be helpful to have a feature where we can get encrypted value from ParameterStore.

Sounds like a great feature.

I wrote something like this recently. The current code can be found here: https://gitlab8.trifork.nl/jorisk/spring-cloud-aws-param-store

I'd be happy to contribute it.

@jkuipers Would you be able to convert this into a PR for the upstream folks to merge?

I will have a look at what it would take to turn this into a proper pull request.

Closed via #308

Would be nice if the updated docs could be republished as well: my code has been integrated in a republished RC2, but as there are no docs no one will know that nor how to use it.

That should be done now. Might take a while for caches to clear.

Was this page helpful?
0 / 5 - 0 ratings