
Rewrite of kms-encryption-toolbox's decrypt-and-start in Go

ApplauseOSS/decrypt-and-start

decrypt-and-start

This project began as a shell script that invokes the kms-encryption decrypt on the variables in the environment: it looks for anything with a prefix of "decrypt:", decrypts it with AWS KMS using the instance's profile, and exports the decrypted value back to the environment before exec'ing the next command.

It is used as a Docker entrypoint so that containers can decrypt encrypted environment variables passed into them.

Usage

This project is a replacement for the ApplauseOSS/kms-encryption-toolbox supplied shell script, decrypt-and-start.

It can be run as:

$ decrypt-and-start some other program

It can also take an optional flag to control the number of parallel workers:

$ decrypt-and-start -p 20 -- some other program

The tool can also assume another role for KMS access:

$ decrypt-and-start --assume-role arn:aws:iam::XXXXXXXXX:role/YYYY some other program
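
The scan-and-decrypt step described above, with the worker count that -p controls, sketched in Go as an added example (not the project's own code). resolveEnv and its dec callback are hypothetical names; dec stands in for the AWS KMS Decrypt call, and the "decrypt:" prefix is assumed to sit on the variable's value.

```go
package main

import (
	"fmt"
	"strings"
	"sync"
)

const prefix = "decrypt:" // marker named in the README

// resolveEnv copies environ, replacing each "decrypt:" value with dec's output
// (dec stands in for the KMS call). Any error aborts: never exec on failure.
func resolveEnv(environ []string, workers int, dec func(string) (string, error)) ([]string, error) {
	out := append([]string(nil), environ...)
	errs := make([]error, len(out))
	jobs := make(chan int)
	var wg sync.WaitGroup
	for w := 0; w < workers || w < 1; w++ { // always start at least one worker
		wg.Add(1)
		go func() {
			defer wg.Done()
			for i := range jobs {
				name, val, _ := strings.Cut(out[i], "=")
				if plain, err := dec(strings.TrimPrefix(val, prefix)); err != nil {
					errs[i] = fmt.Errorf("%s: %w", name, err) // name only, never the value
				} else {
					out[i] = name + "=" + plain
				}
			}
		}()
	}
	for i, kv := range environ {
		if _, val, ok := strings.Cut(kv, "="); ok && strings.HasPrefix(val, prefix) {
			jobs <- i
		}
	}
	close(jobs)
	wg.Wait()
	for _, e := range errs {
		if e != nil {
			return nil, e
		}
	}
	return out, nil
}

func main() { // constructed sample; the stub decrypter only upper-cases its input
	env, err := resolveEnv([]string{"A=decrypt:abc", "B=plain"}, 4, func(s string) (string, error) { return strings.ToUpper(s), nil })
	fmt.Println(env, err)
}
```

The error carries only the variable name, so a failed decryption can be logged without leaking ciphertext, and the nil result keeps an entrypoint from starting the child with undecrypted values.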