Using GoLang to manage secrets in AWS
You want to keep your secrets safe, don’t you? But how do you go about this in the cloud? And how do you do it without having to deploy and maintain complex infrastructure?
There are a number of awesome solutions for managing secrets available, but they tend to require you to deploy and maintain servers to host them. How about a solution that does not require additional infrastructure?
What about interacting with these services? Maybe you need to support multiple operating systems? GoLang works beautifully in this situation, as it can build binaries that contain all dependencies for each platform.
So. Let's do this thing!
Getting set up
Before you start taking a look at the GoLang code, you need to set up the AWS services first.
You are going to need a KMS key. This can be created using the AWS console by following these steps. Keep a note of the KMS key ARN, as you will need it for the encryption method.
Next, create an S3 bucket. Follow these steps if you don’t already know how.
Now that you have your key and bucket, you need to add the imports below to your GoLang project. These are required to use the AWS GoLang SDK.
How do you encrypt and upload your secrets?
Ok. Code time. The method below uses the key you created to encrypt the secret and save it to a temporary file.
The encrypt method returned the name of a file that has your encrypted secret. You can now upload this secret file to your S3 bucket using the below.
Now that you have your encrypted secret stored in S3, you need to do a little more to be able to access it.
How do you decrypt and download your secrets?
Let's download your encrypted secret.
You have your encrypted file. Now you want to extract your secret. Let's pass the name of the encrypted file to a decryption method.
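The encrypt-to-temporary-file step and the decrypt-from-file step described above, as an added example that is not the original post's code. It uses only the Go standard library, with a local AES-GCM key standing in for the KMS key (an assumption, so it runs without AWS access); the names `newAEAD`, `EncryptToTempFile` and `DecryptFile` are hypothetical and no S3 upload is performed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"os"
)

// newAEAD returns AES-GCM for a local key (assumed stand-in for the KMS key).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptToTempFile writes nonce||ciphertext to a 0600 temp file and returns its name.
func EncryptToTempFile(aead cipher.AEAD, secret []byte) (string, error) {
	f, err := os.CreateTemp("", "secret-*.enc")
	if err != nil {
		return "", err
	}
	defer f.Close()
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per secret
	if _, err = rand.Read(nonce); err == nil {
		_, err = f.Write(aead.Seal(nonce, nonce, secret, nil))
	}
	return f.Name(), err
}

// DecryptFile authenticates and decrypts a file; truncation or tampering is an error.
func DecryptFile(aead cipher.AEAD, name string) ([]byte, error) {
	data, err := os.ReadFile(name)
	n := aead.NonceSize()
	if err != nil || len(data) < n {
		return nil, fmt.Errorf("cannot use %s: %d bytes read, err=%v", name, len(data), err)
	}
	return aead.Open(nil, data[:n], data[n:], nil)
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key, never use
	name, _ := EncryptToTempFile(aead, []byte("db-password"))
	defer os.Remove(name) // do not leave the encrypted file behind in the temp dir
	secret, err := DecryptFile(aead, name)
	fmt.Printf("%s %q %v\n", name, secret, err)
}
```

The temporary file only ever holds ciphertext, and removing it after use keeps stale copies out of the temp directory.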
So, what's next?
The above methods manage your secrets. Wrap them up in a GoLang CLI for ease of use. Remember to take extra time naming your application, because that's half the fun.