Download the PHP package pmg/cred-commands without Composer
On this page you can find all versions of the php package pmg/cred-commands. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download pmg/cred-commands
More information about pmg/cred-commands
Files in pmg/cred-commands
Package cred-commands
Short Description Symfony console commands to interact with the AWS SSM Paramter Store
License MIT
Informations about the package cred-commands
Deprecated!
This library came into existence to help manage secrets in AWS's ECS as described here.
This was before ECS had support for secrets and now that it does, PMG no longer uses these commands.
pmg/cred-commands
These are a set of symfony console commands that interact with the AWS SSM Parameter Store.
The goal here is to provide an easy way to fetch credentials into memory (environment variabls) on application boot. See this blog post for some details on why one might want to do this.
Installation
Usage
Using the Built In Application
Add Commands to an Existing Console Application
CLI Usage
Custom Credential Name Formatting
By default all credential names passed to the CLI are used directly, but that
can be changed with a CredentialNameFormatter
implementation.
There a few provided by default, all in the PMG\CredCommands\Formatter
namespace.
NullFormatter
This is the default, just returns the credential name directly.
TemplateFormatter
Takes a $template
in its constructor and replaces a {cred}
in that template
with the cred name.
AppEnvFormatter
Builds a path-like credential name in the format /{appName}/{environment}/{cred}
.
Why Format at All?
Because it prefixed parameter names can be used to restrict credential access by configuring IAM permissions that use the actual parameter names.
For instance, an IAM role might only include permissions to access params named
/appName/prod/*
.
Using Formatters
Formatters can be passed as the second argument to the CredentialClient
.
Using Custom KMS Keys for Parameter Encryption
By default AWS (and by extension this library) uses an AWS account's default KMS
key to encrypt parameters when their types are set to SecureString
as they
are in this library.
Pass a third argument into the CredentialClient
to specify a KMS key ID. This
can be the actual key ID (a UUID) or a key alias (in the format alias/{alias-name}
).