{"id":21107148,"url":"https://github.com/billtrust/ssm-starter","last_synced_at":"2025-06-15T07:04:38.521Z","repository":{"id":57470910,"uuid":"133555391","full_name":"billtrust/ssm-starter","owner":"billtrust","description":"Loads AWS SSM Parameter Store parameters into local system environment variables and then executes your application.","archived":false,"fork":false,"pushed_at":"2018-10-16T17:27:52.000Z","size":14,"stargazers_count":11,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-05-19T03:08:33.046Z","etag":null,"topics":["aws","docker","entrypoint","environment-variables","parameter-store","ssm"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/billtrust.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-15T18:13:08.000Z","updated_at":"2024-02-26T10:47:34.000Z","dependencies_parsed_at":"2022-09-26T17:40:37.366Z","dependency_job_id":null,"html_url":"https://github.com/billtrust/ssm-starter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/billtrust/ssm-starter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billtrust%2Fssm-starter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billtrust%2Fssm-starter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billtrust%2Fssm-starter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billtrust%2Fssm-starter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/billtrust","download_url":"https://codeload.github.com/billtrust/ssm-starter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billtrust%2Fssm-starter/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259935602,"owners_count":22934386,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","docker","entrypoint","environment-variables","parameter-store","ssm"],"created_at":"2024-11-20T00:36:15.228Z","updated_at":"2025-06-15T07:04:38.504Z","avatar_url":"https://github.com/billtrust.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ssm-starter\n\n[![PyPI version](https://badge.fury.io/py/ssm-starter.svg)](https://badge.fury.io/py/ssm-starter)\n\nLoads AWS SSM Parameter Store parameters into local system environment variables and then executes your application so it has access to those environment variables.\n\nThis was inspired by the Twelve-Factor App principle [Store config in the environment](https://12factor.net/config).\n\nThe intended use case is to be used as the ENTRYPOINT to Docker containers which run in AWS where the application gets its configuration from SSM and stores it in the environment, then starts the application, which can reference these values through the environment. \n\n## Installation\n\n```shell\npip install ssm-starter\n```\n\n## Usage\n\nSSM-Starter is installed as a command line utility and can be run as:\n\n```shell\nssm-starter --ssm-name /dev/my-app/ --command /bin/bash run-app.sh\n```\n\nRegarding format of ssm-name and pathing, note that all of the following are equivalent:\n\n```shell\nssm-starter --ssm-name /dev/my-app --command /bin/bash run-app.sh\nssm-starter --ssm-name /dev/my-app/ --command /bin/bash run-app.sh\nAWS_ENV=dev ssm-starter --ssm-name my-app --command /bin/bash run-app.sh\n```\n\n## Example\n\nLet's say you have the following three AWS SSM Parameters and their values.\n\nSSM Path | Value\n---------|-------\n/dev/my-app/MYAPP_TEST_VAR | abc123\n/dev/my-app/MYAPP_DB_CONN_STRING | Server=myserver;Database=mydb;Uid=myuid;Pwd=secret;\n/dev/my-app/MYAPP_TEST_TWO | xyz789\n\nRunning ssm-starter with the ssm-name \"my-app\" and environment variable AWS_ENV set to \"dev\" result in the following:\n\n```shell\n  $ export AWS_REGION=us-east-1\n  $ export AWS_ENV=dev\n  $ ssm-starter --ssm-name my-app --command /bin/bash run-app.sh\n  Reading parameters from SSM path: /dev/my-app/\n  Read 3 parameters from SSM\n  MYAPP_TEST_VAR - setting value from ssm: abc123\n  MYAPP_DB_CONN_STRING - setting value from ssm (SecureString, 51 chars)\n  MYAPP_TEST_TWO already in environment\n  /bin/bash run-app.sh\n```\n\nAfter this runs these variables are in the environment and accessible to the application.  Notice that if the SSM parameter was stored as a SecureString, the value is not echoed to stdout, and that if an environment variable already exists with that name, it is not overwritten.  So if an environment variable is directly passed into the container through \"docker run -e\" or given to it by an orchestrator such as if it is defined in the task definition for ECS, that will take precidence.\n\n## Arguments\n\n`--ssm-name`\nThe name prefix of your application.  If you have an environment variable AWS_ENV present, it will additionally prefix this with that.  Multiple `--ssm-name` arguments can be provided in which case SSM starter will read all parameters from each SSM path provided.\n\n`--command`\nThe command to execute after loading the SSM variables into the environment.  The command does not need to be enclosed in quotes but **this should be the last argument as all arguments after this are assumed to be part of the command to execute**.\n\n`--abort-if-duplicates`\nThis optional argument will instruct SSM Starter to abort (non-zero exit code) if any duplicate parameter names are found.  This would only occur if multiple `--ssm-name` arguments are provided.  The default behavior is to skip any encountered duplicates, which also logs a warning message.\n\n`--overwrite-if-duplicates`\nThis optional argument will instruct SSM Starter to overwrite if any duplicate parameter names are found, so the last parameter \"wins\".  This would only occur if multiple `--ssm-name` arguments are provided.  The default behavior is to skip any encountered duplicates, which also logs a warning message.\n\n`AWS_ENV` (environment variable)\nIf present, this will be prefixed before the supplied ssm-name.  If you have a separate AWS accounts for each environment, you will not need this.  If however you are sharing a single AWS account for multiple environments (dev, stage, prod, etc) then this provides a way to partition the SSM variables.\n\n`AWS_REGION` (environment variable)\nThe AWS_REGION environment variable is expected to be present. Region is set by this environment variable rather than though an argument to ssm-starter so that the same configuration can be promoted to multiple environments that may be in different regions.  If only AWS_REGION is set, ssm-starter will also set AWS_DEFAULT_REGION to the same value.  If both are set and in conflict, ssm-starter will set both to the value in AWS_REGION.\n\n## Build and test locally\n\n```shell\ndocker build -t billtrust/ssm-starter:build -f Dockerfile.buildenv .\n\npip install iam-docker-run --user\n\n# specify a valid IAM role name which has full permissions to SSM\nexport IAM_ROLE_NAME=\"role-ops-developers\"\n\n# specify a local AWS profile name which has access to assume the above IAM role\nexport AWS_PROFILE_NAME=\"dev\"\n\n# this executes the integration test using python scripttest in the context of\n# the specified IAM role which has access to SSM\niam-docker-run \\\n  --image billtrust/ssm-starter:build \\\n  --aws-role-name $IAM_ROLE_NAME \\\n  --profile $AWS_PROFILE_NAME \\\n  --host-source-path . \\\n  --full-entrypoint \"make test\"\n```\n\n## Publishing Updates to PyPi\n\nFor the maintainer - to publish an updated version of ssm-search, increment the version number in version.py and run the following:\n\n```shell\ndocker build -f ./Dockerfile.buildenv -t billtrust/ssm-starter:build .\ndocker run --rm -it --entrypoint make billtrust/ssm-starter:build publish\n```\n\nAt the prompts, enter the username and password to the Billtrust pypi.org repo.\n\n## License\n\nMIT License\n\nCopyright (c) 2018 Factor Systems Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbilltrust%2Fssm-starter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbilltrust%2Fssm-starter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbilltrust%2Fssm-starter/lists"}