Elastic Beanstalk Secrets as a Service

May 3, 2018

Elastic Beanstalk

Elastic Beanstalk is Amazon’s answer to the easy management of container-based applications. EB trades functionality like service discovery, cross-node communication, and advanced scheduling for simplicity and ease-of-use.

One often overlooked convenience provided by EB is its support for environment variables. Instead of breaking 12-factor app rules by encouraging the storage of environment variables in the repository (dev.yaml, staging.yaml, etc.) or creating workflow problems with an env.yaml per branch, EB does something better: an easily configurable key-value store for each environment you create.

Centrally Managed Secrets

While EB’s key-value store is very convenient, once you begin to manage the same set of variables across developer machines, CI/CD platforms, and EB environments, a central authority for managing these variables makes things much easier. On top of that, it’s relatively easy to accidentally change a variable that breaks your application – having safeguards against that is desirable.

A centrally managed secret store like Environr takes the place of the environment variables in EB and injects them into the environment at run-time. With one central location to manage configuration maps, maintaining synchronized configurations across your different environments becomes much less of a challenge.

After copying EB-managed variables to Environr, a few steps are needed:

  • Replace EB-managed variables with an ENVIRONR_API_KEY and ENVIRONR_API_SECRET
  • Create a /run.sh script and add it to the container at build time

The run script can be as simple as:

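#!/usr/bin/env bash
# Abort if the fetch fails instead of starting the application without its configuration.
set -euo pipefail

vars=$(environr-cli env --env-output oneline [config set name])
exec env $vars /path/to/application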


This fetches the configuration, sets the environment variables being returned, and runs the application.
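
One way to build the safeguard mentioned earlier into /run.sh, as an added example that is not from the original post or from Environr: it checks the fetched pairs before the application starts. It assumes the CLI prints whitespace-separated KEY=value pairs on one line; the key names and ENVIRONR_CONFIG_SET are hypothetical.

```shell
#!/bin/sh
# Assumption: the CLI prints whitespace-separated KEY=value pairs on one line.
REQUIRED_KEYS="DATABASE_URL SECRET_KEY_BASE"            # hypothetical key names
BLOCKED_KEYS="PATH LD_PRELOAD LD_LIBRARY_PATH BASH_ENV" # never accepted from remote config

# validate_config "<pairs>": 0 = usable, 1 = malformed, 2 = blocked key, 3 = missing key.
# The body runs in a subshell so set -f and the loop variables do not leak.
# Messages name keys only; values are secrets and are never printed.
validate_config() (
  set -f                                   # split on whitespace without glob expansion
  seen=" "
  for pair in $1; do
    case $pair in *=*) key=${pair%%=*} ;; *) key= ;; esac
    case $key in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "malformed entry (a value containing whitespace?)" >&2; exit 1 ;;
    esac
    case " $BLOCKED_KEYS " in
      *" $key "*) echo "refusing to set $key from remote config" >&2; exit 2 ;;
    esac
    seen="$seen$key "
  done
  for key in $REQUIRED_KEYS; do
    case $seen in
      *" $key "*) ;;
      *) echo "missing required key: $key" >&2; exit 3 ;;
    esac
  done
  exit 0
)

if [ "${1:-}" = "--launch" ]; then
  # ENVIRONR_CONFIG_SET is a hypothetical variable holding the config set name.
  vars=$(environr-cli env --env-output oneline "$ENVIRONR_CONFIG_SET") || exit 1
  validate_config "$vars" || exit 1
  set -f                                   # keep values such as "*" literal
  exec env $vars /path/to/application
else
  # Constructed sample, not real secrets: the space in the last value splits it in two.
  validate_config "DATABASE_URL=postgres://db/app SECRET_KEY_BASE=two words" \
    || echo "sample rejected with status $?"
fi
```

Run with --launch inside the container; without arguments it only checks the constructed sample.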

Now, when it’s time to inject environment configurations into CI/CD platforms or developers’ machines, just create a new Environr API key for each and set up the configuration maps. No more wrestling with out-of-sync secrets and environment variables!