Managing application secrets on AWS with SSM and Chamber

The better alternative for Vault and AWS Secret Manager

Omer Hamerman
Apr 10, 2018 · 5 min read

So? I still need to interact with an API, define roles and policies, how is that any better?

And the API interaction to fetch and store parameters and secrets?

Good question! For that, I give you… “Chamber”

# Write:
$ chamber write <service> <key> <value>
# Read:
$ chamber read <service> <key>
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ssm:PutParameter",
"ssm:DeleteParameter",
"ssm:DescribeParameters",
"ssm:GetParameterHistory",
"ssm:GetParametersByPath",
"ssm:GetParameters",
"ssm:GetParameter",
"ssm:DeleteParameters"
],
"Resource": "*"
}
]
}

Pros & Cons



ProdOpsIO

Fusion of Engineering and Operations

Omer Hamerman

Written by

Software Developer and DevOps Architect @ ProdOps.io

ProdOpsIO

ProdOpsIO

Fusion of Engineering and Operations