class SecretConfig::Providers::Ssm

Uses the AWS Systems Manager (SSM) Parameter Store for centralized configuration and secrets management.

Attributes

client[R]
key_id[R]
logger[R]
retry_count[R]
retry_max_ms[R]

Public Class Methods

new( key_id: ENV["SECRET_CONFIG_KEY_ID"], key_alias: ENV["SECRET_CONFIG_KEY_ALIAS"], retry_count: 25, retry_max_ms: 10_000, **args )
# File lib/secret_config/providers/ssm.rb, line 13
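# Builds a provider backed by the AWS SSM Parameter Store.
#
# @param key_id [String, nil] KMS key id sent with writes; defaults to
#   ENV["SECRET_CONFIG_KEY_ID"]. Ignored whenever key_alias is supplied.
# @param key_alias [String, nil] KMS key alias, with or without the "alias/"
#   prefix; defaults to ENV["SECRET_CONFIG_KEY_ALIAS"]. Takes precedence over key_id.
# @param retry_count [Integer] retry budget consulted when a listing call is throttled
# @param retry_max_ms [Integer] upper bound, in milliseconds, for the random retry delay
# @param args [Hash] extra options handed to Aws::SSM::Client.new
def initialize(
  key_id: ENV["SECRET_CONFIG_KEY_ID"],
  key_alias: ENV["SECRET_CONFIG_KEY_ALIAS"],
  retry_count: 25,
  retry_max_ms: 10_000,
  **args
)
  @key_id       =
    if key_alias
      # Only a value that itself begins with "alias/" is used unchanged. A line-anchored
      # regexp (`^alias/`) would also accept "alias/" at the start of any later line of a
      # multi-line value, so the check is a plain string-prefix test.
      key_alias.start_with?("alias/") ? key_alias : "alias/#{key_alias}"
    else
      key_id
    end
  @retry_count  = retry_count
  @retry_max_ms = retry_max_ms
  # SemanticLogger is optional; without it @logger stays nil and the client gets `logger: nil`.
  @logger       = SemanticLogger["Aws::SSM"] if defined?(SemanticLogger)
  # Caller-supplied args are merged last, so they can override the default logger.
  @client       = Aws::SSM::Client.new({logger: logger}.merge!(args))
end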

Public Instance Methods

delete(key)

Deletes the key. Nothing is done if the key was not found.

# File lib/secret_config/providers/ssm.rb, line 79
# Removes the parameter stored under +key+.
#
# @param key [String] absolute parameter name
# @return the client's response, or nil when the parameter did not exist
def delete(key)
  client.delete_parameter(name: key)
rescue Aws::SSM::Errors::ParameterNotFound
  # Deleting a missing key is treated as a no-op rather than an error.
  nil
end
each(path) { |name, value| ... }

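Yields each key found under `path` (searched recursively) with its absolute path and corresponding string value. Values are requested with decryption enabled, so the yielded strings are plaintext.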

# File lib/secret_config/providers/ssm.rb, line 33
# Walks every parameter below +path+, page by page, yielding name and value.
#
# Values are requested with decryption enabled, so the block receives plaintext.
# The log lines written here carry only retry counters and delays.
#
# @param path [String] parameter path to list recursively
# @yield [name, value] absolute parameter name and its string value
# @raise [Aws::SSM::Errors::ThrottlingException] once the retry budget is used up
def each(path)
  attempts   = 0
  page_token = nil
  loop do
    begin
      page = client.get_parameters_by_path(
        path:            path,
        recursive:       true,
        with_decryption: true,
        next_token:      page_token
      )
    rescue Aws::SSM::Errors::ThrottlingException => e
      # The free tier allows 40 calls per second.
      # The Higher Throughput tier for additional cost is still limited to 100 calls per second.
      # The delay is random because the limit is normally only exceeded during a high volume
      # restart period, and a random delay spreads out the retries of the multiple servers.
      attempts += 1
      unless retry_count > attempts
        logger&.info("SSM Parameter Store GetParametersByPath API Requests throttle exceeded, retries exhausted.")
        raise(e)
      end

      delay = rand(retry_max_ms) / 1000.0
      logger&.info("SSM Parameter Store GetParametersByPath API Requests throttle exceeded, retry: #{attempts}, sleeping #{delay} seconds.")
      sleep(delay)
      # Re-runs the begin block with the same page token; the attempt counter is not reset.
      retry
    end

    page.parameters.each { |param| yield(param.name, param.value) }
    page_token = page.next_token
    break if page_token.nil?
  end
end
fetch(key)

Returns the value or `nil` if not found

# File lib/secret_config/providers/ssm.rb, line 85
# Looks up a single parameter and returns its decrypted value.
#
# @param key [String] absolute parameter name
# @return [String, nil] the parameter value, or nil when the parameter does not exist
def fetch(key)
  response = client.get_parameter(name: key, with_decryption: true)
  response.parameter.value
rescue Aws::SSM::Errors::ParameterNotFound
  # Only "not found" maps to nil; every other client error propagates to the caller.
  nil
end
set(key, value)
# File lib/secret_config/providers/ssm.rb, line 66
# Stores +value+ under +key+ as an encrypted SecureString, replacing any existing value.
#
# @param key [String] absolute parameter name
# @param value [#to_s] value to store; it is converted with to_s before sending
# @return the client's put_parameter response
def set(key, value)
  request = {
    name:      key,
    value:     value.to_s,
    # Always written as SecureString, so the value is encrypted at rest.
    type:      "SecureString",
    # NOTE(review): key_id may be nil when neither a key id nor an alias was configured;
    # confirm that the key AWS then selects is acceptable for these secrets.
    key_id:    key_id,
    # An existing parameter with the same name is silently replaced.
    overwrite: true,
    tier:      "Intelligent-Tiering"
  }
  client.put_parameter(**request)
end