{"id":13621553,"url":"https://github.com/glassechidna/pstore","last_synced_at":"2025-09-09T11:14:42.425Z","repository":{"id":57606437,"uuid":"82859515","full_name":"glassechidna/pstore","owner":"glassechidna","description":"Environment variable-based AWS Parameter Store command shim","archived":false,"fork":false,"pushed_at":"2023-02-14T15:54:03.000Z","size":60,"stargazers_count":38,"open_issues_count":5,"forks_count":6,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-28T18:11:23.449Z","etag":null,"topics":["aws","cross-platform","docker","golang","parameter-store","secret-management","shim","ssm"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/glassechidna.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-02-22T22:37:21.000Z","updated_at":"2023-10-29T04:24:26.000Z","dependencies_parsed_at":"2024-02-24T10:34:02.343Z","dependency_job_id":"e135e268-5818-4cc3-bf99-e44dec88c869","html_url":"https://github.com/glassechidna/pstore","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glassechidna%2Fpstore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glassechidna%2Fpstore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glassechidna%2Fpstore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glassechidna%2Fpstore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/glassechidna","download_url":"https://codeload.github.com/glassechidna/pstore/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249038470,"owners_count":21202711,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cross-platform","docker","golang","parameter-store","secret-management","shim","ssm"],"created_at":"2024-08-01T21:01:07.906Z","updated_at":"2025-04-15T08:37:45.057Z","avatar_url":"https://github.com/glassechidna.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# `pstore`\n\n[![Build Status](https://travis-ci.org/glassechidna/pstore.svg?branch=master)](https://travis-ci.org/glassechidna/pstore)\n\n`pstore` is a tiny utility to make usage of [AWS Parameter Store][aws-pstore] an\nabsolute breeze. Simply prefix your application launch with `pstore exec \u003cyourapp\u003e`\nand you're up and running - in dev or prod.\n\n**AWS ECS now has [support for specifying secrets from Parameter Store directly\nin ECS task definitions][ecs-pstore], making `pstore` obsolete for some use cases.**\n\n[aws-pstore]: https://aws.amazon.com/ec2/systems-manager/parameter-store/\n[ecs-pstore]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html\n\n## Usage\n\n`pstore` expects the `AWS_REGION` environment variable to be set to the region\nthat your parameters are stored in.\n\n### `exec`\n\n```\nAWS_REGION=us-east-1 PSTORE_DBSTRING=MyDatabaseString pstore exec -- 'echo val is $DBSTRING'\nval is SomeSuperSecretDbString\n```\n\n`pstore` is usable out of the box. By default it looks for environment variables\nwith a `PSTORE_` prefix. For example, `PSTORE_DBSTRING=MyDatabaseString` asks\nAWS to decrypt the parameter named **MyDatabaseString** and stores the decrypted\nvalue in a new environment variable named `DBSTRING`. If there are no envvars\nwith the `PSTORE_` prefix, it's essentially a noop - so the same command can be\nused in local dev and in prod.\n\nIf `pstore` fails to decrypt any envvars it will exit instead of launching your\napplication.\n\n### `shell`\n\nSometimes you don't want to exec the child process directly. You want to use the decrypted values as part of a larger script. In that case you can do:\n\n```\n#!/bin/bash\n# do some stuff ...\neval $(PSTORE_DBSTRING=MyDatabaseString pstore shell)\necho $DBSTRING # will echo out your secret string!\n```\n\n### `powershell`\n\nSame as the above, albeit for our Windows friends.\n\n```\n$Env:PSTORE_DBSTRING = \"MyDatabaseString\"\n$Cmd = (pstore powershell mycompany-prod) | Out-String\nInvoke-Expression $Cmd\nDo-SomethingWith -DbString $DBSTRING\n```\n\n### `show`\n\nQuickly interrogate parameters for a given path or path prefix:\n\n```\n$ pstore show \"/company/princess/lambdas\"\n/company/princess/lambdas/execution/env/MyDatabaseString : SomeSuperSecretDbString\n/company/princess/lambdas/execution/env/NODE_ENV         : production\n/company/princess/lambdas/execution/env/LOGLEVEL         : excessive\n```\n\n\n## Advanced\n\n`pstore` also works with tagged parameters, which can be helpful when you have\na _lot_ of parameters and don't want to enumerate them all individually. You can\nspecify `PSTORETAG_tagkey=tagval` and `pstore` will retrieve all parameters with\n`tagkey=tagval`. `pstore` will expect to find an additional tag on these parameters,\n`pstore:name=ENVVAR`. `pstore` then sets `ENVVAR=value` in the environment.\n\nThe `PSTORE_` and `PSTORETAG_` prefixes are configurable if you want to use \nsomething else. If you want to use `MYSECRETS_` as a prefix, simply invoke\n`pstore exec --prefix MYSECRETS_ \u003cyourapp\u003e`.\n\nFinally, for debugging there is the `pstore exec --verbose \u003cyourapp\u003e` flag.\nBefore launching, `pstore` will output what its doing to stdout, e.g.\n\n```\n$ pstore exec --verbose \u003cyourapp\u003e\n✔ Decrypted MYREALSECRET︎\n✗ Failed to decrypt PstoreVal (MYLAMESECRET)\nERROR: Failed to decrypt some secret values\n```\n\n\n\n## Docker\n\n`pstore` is well-suited to acting as an entrypoint for a Dockerised application.\nAdding it to your project is as simple as:\n\n```\nFROM alpine\nRUN apk add --update curl\nRUN curl -sL -o /usr/bin/pstore https://github.com/glassechidna/pstore/releases/download/1.5.0/pstore_linux_amd64\nRUN chmod +x /usr/bin/pstore\nENTRYPOINT [\"pstore\", \"exec\", \"--verbose\", \"--\"]\nCMD env\n```\n\nNote that https requests made require `ca-certificates`. Alpine does not ship them by default anymore. In the above example this package is installed because `curl` also needs them, but if you install without `curl` or your `Dockerfile` removes `curl`, you need to explicitly have `RUN apk add ca-certificates`. Without these you will get a runtime error `x509: failed to load system roots and no roots provided`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglassechidna%2Fpstore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fglassechidna%2Fpstore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglassechidna%2Fpstore/lists"}