May 26, 2023

Injecting AWS secrets to HarperDB container with Python

Summary of What to Expect
Here are the steps to inject AWS secrets into a HarperDB container using Python:

  1. Create a secret in AWS Secrets Manager by logging into the AWS console and accessing the AWS cloud shell. Use a temporary file to store the secret in JSON format and create the secret using the AWS CLI.
  2. Set up a user in AWS IAM with appropriate permissions. Create a user, group, and attach the user to the group.
  3. Define a policy that allows getting the secret value from the specific secret ARN. Save the policy in a JSON file and use envsubst to replace the environment variable in the file.
  4. Create the policy and retrieve the policy ARN. Attach the policy to the group.
  5. Create an access key for the user and share it with the development team for authentication.
  6. Set up the developer's machine by installing the AWS CLI, creating a .env file with the necessary configuration and credentials, and exporting the environment variables.
  7. Retrieve the secret from the developer's machine using the AWS CLI to ensure it is working.
  8. Test with Docker by retrieving the secrets with AWS CLI, setting them as environment variables on the local system, and passing them to the HarperDB container.
  9. Verify the values of the environment variables in the running HarperDB container.
  10. Try retrieving the secret using Python code by installing boto3 and python-dotenv. Run the provided Python code locally to retrieve the secret from AWS Secrets Manager and create files for each key-value pair.

Make sure to follow the necessary installations, configurations, and commands for each step to inject the AWS secrets successfully.
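Step 10 in working form, as an added example that is not the article's own code: the Secrets Manager call is kept in one small function (boto3 and python-dotenv are loaded lazily so the rest runs without AWS access), and the per-key file writing creates each file owner-only (0600) and refuses key names that could escape the target directory. The secret name and region come from the `SECRET_ID` and `AWS_REGION` environment variables, and the `HDB_*` sample keys in the test are constructed; none of these names are from the original post.

```python
import json
import os
from pathlib import Path


def fetch_secret_string(secret_id: str, region_name: str) -> str:
    """Retrieve the raw SecretString for `secret_id` from AWS Secrets Manager.

    Credentials come from the .env file of step 6: python-dotenv loads it into
    the environment and boto3 reads them from there. Imported lazily so the
    file-writing logic below can be exercised without AWS access.
    """
    from dotenv import load_dotenv  # pip install python-dotenv
    import boto3                    # pip install boto3

    load_dotenv()
    client = boto3.client("secretsmanager", region_name=region_name)
    return client.get_secret_value(SecretId=secret_id)["SecretString"]


def write_secret_files(secret_string: str, out_dir: str) -> dict:
    """Parse a JSON object of key/value pairs and write one file per key.

    Each file is created owner read/write only (0600) from the start, so the
    secret is never briefly world-readable. Returns {key: path}.
    """
    data = json.loads(secret_string)
    if not isinstance(data, dict):
        raise ValueError("secret must be a JSON object of key/value pairs")
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    written = {}
    for key, value in data.items():
        # The key becomes a file name: refuse anything that could leave out_dir.
        if not key or key in (".", "..") or "/" in key or "\\" in key:
            raise ValueError(f"unsafe secret key name: {key!r}")
        path = out / key
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(str(value))
        os.chmod(path, 0o600)  # also tightens a pre-existing file's mode
        written[key] = str(path)
    return written


if __name__ == "__main__":
    # SECRET_ID and AWS_REGION are assumed variable names, not from the post.
    secret = fetch_secret_string(os.environ["SECRET_ID"],
                                 os.environ.get("AWS_REGION", "us-east-1"))
    for name, file_path in write_secret_files(secret, "./secrets").items():
        print(f"{name} -> {file_path}")
```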