Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow use of Systems Manager Parameters instead of Secrets Manager Secrets #93

Closed
KyleKotowick opened this issue Jun 19, 2022 · 4 comments
Closed

Allow use of Systems Manager Parameters instead of Secrets Manager Secrets #93

KyleKotowick opened this issue Jun 19, 2022 · 4 comments

Comments

@KyleKotowick
Copy link

KyleKotowick commented Jun 19, 2022
edited
Loading

Is your feature request related to a problem? Please describe.
This application currently only supports Secrets Manager for remote secret storage. Secrets Manager is $0.40/secret/month.

Systems Manager Parameters are equally secure (can be KMS encrypted) and are free. Since none of the other Secrets Manager features are necessary for this application (rotation, replication), use of Secrets Manager is not strictly required.

Therefore, Systems Manager Parameters would be a preferred secret store for some users.

Describe the solution you'd like
Allow specifying Systems Manager parameter names/ARNs instead of only allowing hard-coded Secret names.

Describe alternatives you've considered
Keep using secrets.
@bartelemi
Copy link

I second this a lot. This tool currently requires provisioning 6 secrets, where in reality it could be reduced to 1 or even 0 if it supported parameter store.

IMHO it should be up to users to decide how they want to store the secrets.

In my case, I use this tool maybe once every few months but I have to pay for it $2.4 each month just for the secrets. I could take my team for ice cream every quarter for that money! 😄

@ChrisPates
Copy link
Contributor

I'm currently working on some refactoring to address a number of other issues.

However, I do concur that we should support parameters store as an alternative to secrets manager.

Definitely the first time I've had frugality represented in terms of ice cream!

@morganrowse
Copy link

morganrowse commented Apr 5, 2023
edited
Loading

Heya, a simpler fix here may just be to save all of the secrets into a single secret rather than 6 individual ones. Ill see if I can get a PR together.

Edit: I was not able to get this together

@ChrisPates ChrisPates mentioned this issue Mar 21, 2024
Open
@ChrisPates
Copy link
Contributor

This request has been merged with related one under a single feature request [Expand the Options for storing the sensitive parameters to include binaray secrets and SSM Parameter Store #180](https://github.com/awslabs/ssosync/issues/180]. Please review and add any specific requirements you feel it doesn't address.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@KyleKotowick @bartelemi @ChrisPates @morganrowse