Elastic Beanstalk Secrets as a ServiceMay 3, 2018
Elastic Beanstalk is Amazon’s answer to the easy management of container-based applications. EB trades functionality like service discovery, cross-node communication, and advanced scheduling for simplicity and ease-of-use.
One often overlooked convenience provided by EB is its support for environment variables. Instead of breaking 12-factor app rules by encouraging the storage of environment variables in the repository (dev.yaml, staging.yaml, etc.) or creating workflow problems with a env.yaml per branch, EB does something better: an easily configurable key-value store for each environment you create.
Centrally Managed Secrets
While EB’s key-value store is very convenient, once you begin to manage the same set of variables across developer machines, CI/CD platforms, and EB environments, a central authority for managing these variables makes things much easier. On top of that, it’s relatively easy to accidentally change a variable that breaks your application – having safeguards against that is desirable.
A centrally managed secret store like Environr takes the place of the environment variables in EB and injects them into the environment at run-time. With one central location to manage configuration maps, maintaining synchronized configurations across your different environments becomes much less of a challenge.
After copying EB-managed variables to Environr, a few steps are needed:
- Replace EB-managed variables with an ENVIRONR_API_KEY and ENVIRONR_API_SECRET
- Create a
/run.shscript and add it to the container at build time
The run script can be as simple as:
#!/usr/bin/env bash env $(environr-cli env --env-output oneline [config set name]) /path/to/application
This fetches the configuration, sets the environment variables being returned, and runs the application.
Now, when it’s time to inject environment configurations into CI/CD platforms or developers’ machines, just create a new Environr API key for each and setup the configuration maps. No more wrestling with environment out-of-sync secrets and environment variables!
- Auto-generate Kubernetes ConfigMaps from Environr
- Elastic Beanstalk Secrets as a Service
- Keep Your Tooling Simple
- Hosted Secrets Management for Kubernetes
- Start Using Feature Toggles Now
- Ansible, Puppet, Chef: No thanks
- Gogland IDE
- Super Cheap and Flexible Hosting of your Go Application
- Elastic Beanstalk vs. ECS vs. Kubernetes: Part 4
- Elastic Beanstalk vs. ECS vs. Kubernetes: Part 3