secrets
Share passwords and secrets securely using S3
A command-line tool for creating and accessing passwords and other secrets securely. It uses S3 for storage and IAM permissions for access control. Perfect for sharing passwords within your team.
Installation
npm install --global @robinmurphy/secrets
Make sure you've exported your AWS credentials:
export AWS_ACCESS_KEY=...
export AWS_SECRET_ACCESS_KEY=...
Follow the bucket setup guide to create your S3 bucket.
Usage
Store a secret:
secrets set npm_password supersecret
List secrets:
secrets
# => npm_passwordGet a secret:
secrets npm_password
# => supersecretRemove a secret:
secrets rm npm_password
Bucket setup
Create your secrets bucket
Use the AWS Console to create a new bucket, or use the following CloudFormation template:
{
"Resources": {
"S3Bucket": {
"Type": "AWS::S3::Bucket"
}
}
}
Export the name of the bucket you created:
export SECRETS_BUCKET_NAME=my-secrets-bucket
Set up IAM permissions
You control access to your secrets using IAM permissions. The easiest way to do this is to create an IAM policy that has read/write access to your bucket and attach it to users, groups or roles that need access. Here's an example policy document that grants read/write access:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::my-secrets-bucket"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": ["arn:aws:s3:::my-secrets-bucket/*"]
}
]
}You can create separate read/write policies if you don't want everyone to be able to modify your secrets.