cdk-secrets 0.4.9

CDK Construct for secrets

DEPRECATED - CDK Secrets

This project is deprecated. The original goal of this construct was to provide an API for creating EC2 Key Pairs. The custom resource provider I used had much more functionality. It turned out this additional functionality was never needed and creating EC2 Key Pairs was overly complicated.

To create EC2 Key Pairs you now can use my new construct: cdk-ec2-key-pair

AWS CDK construct to manage secrets. It makes use of a custom resource provider from binxio/cfn-secret-provider.

This package is written in TypeScript and made available via JSII to all other supported languages. Package are available on:

• npm
• PyPI
• NuGet
• GitHub packages for Java

The secret provider can create RSA keys, DSA keys, EC2 key-pairs, IAM user passwords and access keys and generally secrets stored in parameter store or secret store.

All this functionality is provided by the binxio/cfn-secret-provider custom resource.

When it comes to security, you should not trust anyone. By default the secret provider uses the lambda function stored at s3://binxio-public-${AWS_REGION}/lambdas/cfn-secret-provider-1.0.0.zip. You might want to download this file, review its contents and store it in your own bucket or along with your code. You then can create the lambda function from that zip file instead like so:

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
code = lambda.Code.from_asset(path.join(__dirname, "../cfn-secret-provider-1.0.0.zip"))

secret_provider = secret.Provider(self, "SecretProvider",
    code=code
)

Examples

There is an example application in ./example showing how to create a new EC2 key pair.