AWS Parameters Store for Test Automation Project by@dbudim

AWS Parameters Store for Test Automation Project

AWS Systems Manager Parameter Store provides a secure storage and management system for secret data like passwords, secret parameters, licenses, etc. The great benefit of this is that you can save any piece of data instead of AWS Secrets Manager, where you can choose only a particular format. In the case of different types of secret data, it looks like a universal solution for all of them. In this case, the secret data can be deserialized from any object you might be interested in. It is a secure management service and scalable service with no servers to manage secrets.
image
Dmytro Budym HackerNoon profile picture

Dmytro Budym

Software Development Engineer in Test


I love things to be organized and easily managed. Secret data in code is no exception. Previously I wrote a guide how to use AWS Secrets manager. And now, I want you to look at one more solution - AWS Systems Manager Parameter Store.


It provides a secure and hierarchical storage and management system for secret data like passwords, secret parameters, licenses, etc. You can avoid routine with handy-managed secret files, which you should share with every team member and add to every Jenkins Job. Just add them to centralized storage and set up retrieving via AWS API.


The great benefit of Parameters Store is that you can save any piece of data instead of AWS Secrets Manager, where you can choose only a particular format. Let's configure some secrets and see how it works in practice.


Imagine that we want to store licence.xml for some library.

<LICENSEFILE>
    <FEATURE NAME="MyFeatureName"> 
        <SETTING MAJOR_VERSION="1"/>
        <SETTING MINOR_VERSION="0"/>
        <SETTING END="2018-01-01"/>
        <CLIENT_HOSTID>
            <SETTING IPADDRESS="123.123.123.123"/>
            <SETTING USERNAME="john"/>
        </CLIENT_HOSTID>
    </FEATURE>
</LICENSEFILE>



Find the Parameter Store and open the main page.

image


Follow the "Create parameter" button and go to the configuration page.

image


Type a secret name and choose type "SecureString."

image


Put secret data to the value field and follow "Create parameter."

image


That's all, secret created!

image


To make it accessible for target users need to grant permissions with the policy that allows reading params:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ssm:GetParameter",
            "Resource": "*"
        }
    ]
}



And now, let's get it from code. Add SSM dependency to your project, create a rest client, perform a get request with decryption, and use the received secret.

<dependency>
   <groupId>com.amazonaws</groupId>
   <artifactId>aws-java-sdk-ssm</artifactId>
   <version>1.12.186</version>
</dependency>


AWSSimpleSystemsManagement client = AWSSimpleSystemsManagementClient
       .builder()
       .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)))
       .build();


var getParameterRequest = new GetParameterRequest()
       .withName("licence.xml")
       .withWithDecryption(true);
String license = client.getParameter(getParameterRequest).getParameter().getValue();

LicenseReader.read(license);


This way, you can store and retrieve any data that can be deserialized from string to any object you might be interested in.

Conclusion

Parameters Store is a secure and scalable secrets management service with no servers to manage. In the case of different types of secret data, it looks like a universal solution for all of them. That is a great way to manage stricted things in your project.





react to story with heart
react to story with light
react to story with boat
react to story with money

Related Stories

L O A D I N G
. . . comments & more!