Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Have a way of encrypting in the yaml with kms_id #77

Open
jon-shanks opened this issue Apr 11, 2016 · 2 comments
Open

Have a way of encrypting in the yaml with kms_id #77

jon-shanks opened this issue Apr 11, 2016 · 2 comments
Labels
enhancement

Comments

@jon-shanks
Copy link

would be good for secrets to be able to be encrypted with a defined kms_id and decrypted where necessary i.e.

kms_id: 'key id here'

dev:
some_secret: enc("BASE64 ENCODED SECRET")

So that we can hold specific things in the yaml i.e. root_rds_password or whatnot.
@vaijab
Copy link
Member

vaijab commented Apr 11, 2016

That's definitely a good idea.

@cob16
Copy link
Contributor

cob16 commented Jul 3, 2022

Given you want to use KMS to do this would it be better to use parameter store to store something like this?

If so you can get CF to resolve the secret from parameter store directly
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-ssm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vaijab @jon-shanks @cob16