Experimental support for an AWS Secrets Fetcher

In a recipe, usage will look like the following: value = secret(name: "test1", service: :aws_secrets_manager, config: { region: "us-west-1" }) log "My secret is #{value.secret_string}" Note the use of `secret_string` to determine the secret value. The returned object here is Aws::Types::GetSecretValueResponse from the AWS SDK. This beta implementation supports ec2/imds instance profile authentication but also checks standard locations for credentials configuration -- see documentation [1] for a description of default credentials search behavior. [1] https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SecretsManager/Client.html#initialize-instance_method Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
author: Marc A. Paradise <marc.paradise@gmail.com> 2021-07-07 17:42:05 -0400
committer: Tim Smith <tsmith@chef.io> 2021-07-14 08:07:35 -0700
commit: 60e6849aa65aece9ff896a765a92095337298d36 (patch)
tree: 6d61db57f3dc93512c2906eed327ff4c66a9c74b /chef.gemspec
parent: 9ebf86abc20aac7196e9628bd90b3256024cda10 (diff)
download: chef-60e6849aa65aece9ff896a765a92095337298d36.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/chef.gemspec b/chef.gemspec
index 76f562cc71..0f278fff8f 100644
--- a/chef.gemspec
+++ b/chef.gemspec
@@ -55,6 +55,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency "proxifier", "~> 1.0"
 
+  s.add_dependency "aws-sdk-secretsmanager", "~> 1.46"
   s.bindir       = "bin"
   s.executables  = %w{ }
author	Marc A. Paradise <marc.paradise@gmail.com>	2021-07-07 17:42:05 -0400
committer	Tim Smith <tsmith@chef.io>	2021-07-14 08:07:35 -0700
commit	60e6849aa65aece9ff896a765a92095337298d36 (patch)
tree	6d61db57f3dc93512c2906eed327ff4c66a9c74b /chef.gemspec
parent	9ebf86abc20aac7196e9628bd90b3256024cda10 (diff)
download	chef-60e6849aa65aece9ff896a765a92095337298d36.tar.gz