class Chef::SecretFetcher

Chef::SecretFetcher::AWSSecretsManager

A fetcher that retrieves a secret from AWS Secrets Manager. In this initial iteration it defaults to authentication via instance profile. It is possible to pass options that configure it to use alternative credentials. This implementation supports fetching a specific version of a secret.

@note ':region' is required configuration. If it is not explicitly provided and is not available via global AWS config, we will pull it from node ohai data by default. If this isn't correct, you will need to explicitly override it. If it is not available via ohai data either (such as if you have the AWS plugin disabled), then the converge will fail with an error.

@note This does not yet support automatic retries, which the AWS client does by default.

For configuration options, see https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SecretsManager/Client.html#initialize-instance_method

Usage Example:

  fetcher = SecretFetcher.for_service(:aws_secrets_manager)
  fetcher.fetch("secretkey1", "v1")
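The ':region' lookup order described in the note above, as an added stand-alone example (not Chef's own code). RegionError, resolve_region, the error text and the "ec2"/"region" layout of the ohai stand-in are assumptions made for illustration; it runs without Chef or the AWS SDK.

```ruby
# Model of the documented :region precedence:
#   explicit fetcher config -> global AWS config -> node ohai data -> error.
# All names here are hypothetical; plain hashes stand in for the three sources.
class RegionError < StandardError; end

# Returns [region, source] so the caller can log which source supplied the
# value instead of silently using the instance's own region.
def resolve_region(config:, aws_global:, node:)
  candidates = [
    [:explicit_config,   config[:region]],
    [:global_aws_config, aws_global[:region]],
    [:ohai,              node.dig("ec2", "region")], # assumed ohai key layout
  ]
  source, region = candidates.find { |_, value| !value.nil? }
  # Documented failure mode: no source has a region, so the converge fails.
  raise RegionError, "missing required config :region" if region.nil?
  [region, source]
end

# Constructed sample inputs (not taken from a real node).
OHAI_ON  = { "ec2" => { "region" => "us-east-1" } }.freeze
OHAI_OFF = {}.freeze # e.g. the AWS ohai plugin is disabled

# One resolution per documented source, in precedence order.
def demo
  [
    resolve_region(config: { region: "eu-west-1" }, aws_global: {}, node: OHAI_ON),
    resolve_region(config: {}, aws_global: { region: "us-west-2" }, node: OHAI_ON),
    resolve_region(config: {}, aws_global: {}, node: OHAI_ON),
  ]
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |region, source| puts "#{region} (from #{source})" }
  begin
    resolve_region(config: {}, aws_global: {}, node: OHAI_OFF)
  rescue RegionError => e
    puts "converge would fail: #{e.message}"
  end
end
```

When the secret lives in a different region from the instance, the ohai fallback yields the wrong region, so set ':region' explicitly in that case.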

Chef::SecretFetcher

An abstract base class that defines the methods required to implement a Secret Fetcher.

Chef::SecretFetcher::Example

A simple implementation of a secrets fetcher. It expects to be initialized with a hash of keys and secret values.

Usage Example:

  fetcher = SecretFetcher.for_service(:example, "secretkey1" => { "secret" => "lives here" })
  fetcher.fetch("secretkey1")