Public | Automated Build

Last pushed: 2 years ago
Short Description
Short description is empty for this repo.
Full Description

convox/env

Encrypt and decrypt environments with AWS KMS.

Usage

CLI

# create a key in KMS
KEY=arn:aws:kms:us-east-1:000000000000:key/00000000-0000-0000-0000-000000000000

# set up IAM credentials with access to Decrypt and GenerateDataKey on that key
$ cat <<EOF >.env
AWS_REGION=...
AWS_ACCESS=...
AWS_SECRET=...
EOF

# encrypt
$ cat .env | docker run --env-file .env -i convox/env encrypt $KEY > env.encrypted

# decrypt
$ cat env.encrypted | docker run --env-file .env -i convox/env decrypt $KEY > .env

Golang

import "github.com/convox/env/crypt"

const Key = "arn:aws:kms:us-east-1:000000000000:key/00000000-0000-0000-0000-000000000000"

// specify aws credentials
cr := crypt.New("region", "access", "secret")

// use iam role on an instance
cr := crypt.NewIam("role-name")

// encrypt a secret
enc, err := cr.Encrypt(Key, []byte("some sensitive data"))

// decrypt a secret
dec, err := cr.Decrypt(Key, enc)

License

Apache 2.0 © 2015 Convox, Inc.

Docker Pull Command
Owner
convox
Source Repository

Comments (0)