Add sentry database config from AWS RDS secrets

DataChefHQ · Feb 22, 2022 · fd87898 · fd87898
1 parent a3b2c57
commit fd87898
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 5 deletions.
diff --git a/.env b/.env
@@ -13,3 +13,6 @@ WAL2JSON_VERSION=latest
 HEALTHCHECK_INTERVAL=30s
 HEALTHCHECK_TIMEOUT=60s
 HEALTHCHECK_RETRIES=5
+
+# AWS specific settings
+AWS_RDS_SECRET_NAME = ""
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -64,6 +64,7 @@ x-sentry-defaults: &sentry_defaults
     # on the host system (or in the .env file)
     SENTRY_EVENT_RETENTION_DAYS:
     SENTRY_MAIL_HOST:
+    AWS_RDS_SECRET_NAME:
   volumes:
     - "sentry-data:/data"
     - "./sentry:/etc/sentry"

diff --git a/sentry/requirements.example.txt b/sentry/requirements.example.txt
@@ -1 +1,2 @@
 # Add plugins here
+boto3==1.21.4
diff --git a/sentry/sentry.conf.example.py b/sentry/sentry.conf.example.py
@@ -2,6 +2,7 @@
 # you can inherit and tweak settings to your hearts content.
 
 from sentry.conf.server import *  # NOQA
+import boto3
 
 
 # Generously adapted from pynetlinux: https://git.io/JJmga
@@ -33,14 +34,25 @@ def get_internal_network():
 INTERNAL_SYSTEM_IPS = (get_internal_network(),)
 
 
+def get_db_secret_from_secrets_manager(secret_name, region_name="eu-west-1"):
+    session = boto3.session.Session()
+    client = session.client(
+        service_name="secretsmanager",
+        region_name=region_name,
+    )
+    return client.get_secret_value(SecretId=secret_name)
+
+
+db_secret = get_db_secret_from_secrets_manager(env("AWS_RDS_SECRET_NAME"))
+
 DATABASES = {
     "default": {
         "ENGINE": "sentry.db.postgres",
-        "NAME": "postgres",
-        "USER": "postgres",
-        "PASSWORD": "",
-        "HOST": "postgres",
-        "PORT": "",
+        "NAME": db_secret["dbname"],
+        "USER": db_secret["username"],
+        "PASSWORD": db_secret["password"],
+        "HOST": db_secret["host"],
+        "PORT": db_secret["port"],
     }
 }