Skip to content

joemiller/env

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

convox/env

Encrypt and decrypt environments with AWS KMS.

Usage

CLI

# create a key in KMS
KEY=arn:aws:kms:us-east-1:000000000000:key/00000000-0000-0000-0000-000000000000

# set up IAM credentials with access to Decrypt and GenerateDataKey on that key
$ cat <<EOF >.env
AWS_REGION=...
AWS_ACCESS=...
AWS_SECRET=...
EOF

# encrypt
$ cat .env | docker run --env-file .env -i convox/env encrypt $KEY > env.encrypted

# decrypt
$ cat env.encrypted | docker run --env-file .env -i convox/env decrypt $KEY > .env

Golang

import "github.com/convox/env/crypt"

const Key = "arn:aws:kms:us-east-1:000000000000:key/00000000-0000-0000-0000-000000000000"

// specify aws credentials
cr := crypt.New("region", "access", "secret")

// use iam role on an instance
cr := crypt.NewIam("role-name")

// encrypt a secret
enc, err := cr.Encrypt(Key, []byte("some sensitive data"))

// decrypt a secret
dec, err := cr.Decrypt(Key, enc)

License

Apache 2.0 © 2015 Convox, Inc.

About

Encrypt and decrypt environments with AWS KMS

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 97.1%
  • Makefile 2.9%