compwright / aws-env
Load environment variables securely from AWS SSM
Installs: 2 111
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Requires
- php: ^8.2
- composer-runtime-api: ^2.2
- aws/aws-sdk-php: ^3.295
- symfony/console: ^7.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.46
- phpstan/phpstan: ^1.10
- phpunit/phpunit: ^10.5
README
Command-line script to obtain service configuration environment and secrets securely from AWS SSM.
Configuration
Configuration can be provided via command line options or environment variables:
| Option | Env. Variable | Description |
|---|---|---|
| -p, --path | AWS_ENV_PATH | Path of secrets to load from SSM |
| -f, --format | AWS_ENV_FORMAT | Output format, one of dotenv, env, or export |
This script can find AWS credentials in the usual ways, including:
- If running on EC2, by assuming an IAM role (recommended)
- By reading the
~/.aws/configand~/.aws/credentialsfiles, with the optionalAWS_PROFILEenvironment variable - Explicitly with the
AWS_REGION,AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEYenvironment variables
Usage
Usage:
aws-env [options]
Options:
-p, --path=PATH Parameter key path [default: "/"]
-f, --format=FORMAT Output format: dotenv, env, export [default: "env"]
-h, --help Display help for the given command. When no command is given display help for the bin/aws-env command
-q, --quiet Do not output any message
-V, --version Display this application version
--ansi|--no-ansi Force (or disable --no-ansi) ANSI output
-n, --no-interaction Do not ask any interactive question
-v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
For example, to start a shell with a new environment consisting only of the items pulled from AWS SSM + $PATH:
env -i -S"$(bin/aws-env -p /my_app/development) PATH=$PATH" && /bin/bash
License
MIT License