{"id":13607657,"url":"https://github.com/remind101/ssm-env","last_synced_at":"2026-02-04T23:03:06.711Z","repository":{"id":38451698,"uuid":"83861352","full_name":"remind101/ssm-env","owner":"remind101","description":"Expand env variables from AWS Parameter Store","archived":false,"fork":false,"pushed_at":"2024-06-06T22:00:00.000Z","size":1085,"stargazers_count":255,"open_issues_count":8,"forks_count":51,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-03-30T04:08:59.748Z","etag":null,"topics":["security","sms"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/remind101.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-04T03:14:45.000Z","updated_at":"2025-03-28T13:09:45.000Z","dependencies_parsed_at":"2024-08-01T19:53:46.483Z","dependency_job_id":null,"html_url":"https://github.com/remind101/ssm-env","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remind101%2Fssm-env","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remind101%2Fssm-env/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remind101%2Fssm-env/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remind101%2Fssm-env/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/remind101","download_url":"https://codeload.github.com/remind101/ssm-env/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247441052,"owners_count":20939239,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["security","sms"],"created_at":"2024-08-01T19:01:20.482Z","updated_at":"2026-02-04T23:03:01.665Z","avatar_url":"https://github.com/remind101.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# ssm-env\n\n`ssm-env` is a simple UNIX tool to populate env vars from AWS Parameter Store.\n\n## Installation\n\n```console\n$ go get -u github.com/remind101/ssm-env\n```\n\nYou can most likely find the downloaded binary in `~/go/bin/ssm-env`\n\n## Usage\n\n```console\nssm-env [-template STRING] [-with-decryption] [-no-fail] COMMAND\n```\n\n## Details\n\nGiven the following environment:\n\n```\nRAILS_ENV=production\nCOOKIE_SECRET=ssm://prod.app.cookie-secret\n```\n\nYou can run the application using `ssm-env` to automatically populate the `COOKIE_SECRET` env var from SSM:\n\n```console\n$ ssm-env env\nRAILS_ENV=production\nCOOKIE_SECRET=super-secret\n```\n\nYou can also configure how the parameter name is determined for an environment variable, by using the `-template` flag:\n\n```console\n$ export COOKIE_SECRET=xxx\n$ ssm-env -template '{{ if eq .Name \"COOKIE_SECRET\" }}prod.app.cookie-secret{{end}}' env\nRAILS_ENV=production\nCOOKIE_SECRET=super-secret\n```\n\n`ssm-env` also supports [versioned SSM](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-versions.html) params:\n\n```console\n$ export OLD_SECRET=ssm://secret:1\n$ export NEW_SECRET=ssm://secret:2\n$ ssm-env env\n\nOLD_SECRET=super_secret_v1\nNEW_SECRET=super_secret_v2\n```\n\n## Usage with Docker\n\nA common use case is to use `ssm-env` as a Docker ENTRYPOINT. You can copy and paste the following into the top of a Dockerfile:\n\n```dockerfile\nRUN curl -sSfL -o /usr/local/bin/ssm-env https://github.com/remind101/ssm-env/releases/download/v0.0.5/ssm-env \\\n    \u0026\u0026 cd /usr/local/bin \\\n    \u0026\u0026 echo \"babf40382bcd260f0d8d4575a32d5ec33fb08fefd29f12ffd800fbe738c41021  ssm-env\" | sha256sum -c \\\n    \u0026\u0026 chmod +x ssm-env\n```\n\nNow, any command executed with the Docker image will be funneled through ssm-env.\n\n### Alpine Docker Image\n\nTo use `ssm-env` with [Alpine](https://hub.docker.com/_/alpine) Docker images, root certificates need to be added\nand the installation command differs, as shown in the `Dockerfile` below:\n\n```dockerfile\nFROM alpine:latest\n\n# ...copy code\n\n# ssm-env: See https://github.com/remind101/ssm-env\nRUN apk add curl\nRUN curl -sSfL -o /usr/local/bin/ssm-env https://github.com/remind101/ssm-env/releases/download/v0.0.5/ssm-env \\\n    \u0026\u0026 cd /usr/local/bin \\\n    \u0026\u0026 echo \"babf40382bcd260f0d8d4575a32d5ec33fb08fefd29f12ffd800fbe738c41021  ssm-env\" | sha256sum -c \\\n    \u0026\u0026 chmod +x ssm-env\n\n# Alpine Linux doesn't include root certificates which ssm-env needs to talk to AWS.\n# See https://simplydistributed.wordpress.com/2018/05/22/certificate-error-with-go-http-client-in-alpine-docker/\nRUN apk add --no-cache ca-certificates\n\nENTRYPOINT [\"/usr/local/bin/ssm-env\", \"-with-decryption\"]\n```\n\n## Usage with Kubernetes\n\nA simple way to provide AWS credentials to `ssm-env` in containers run in Kubernetes is to use Kubernetes\n[Secrets](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/) and to expose\nthem as environment variables. There are more secure alternatives to environment variables, but if this is secure\nenough for your needs, it provides a low-effort setup path.\n\nFirst, store your AWS credentials in a secret called `aws-credentials`:\n\n```shell\nkubectl create secret generic aws-credentials --from-literal=AWS_ACCESS_KEY_ID='AKIA...' --from-literal=AWS_SECRET_ACCESS_KEY='...'\n```\n\nThen, in the container specification in your deployment or pod file, add them as environment variables (alongside\nall other environment variables, including those retrieved from SSM):\n\n```yaml\n      containers:\n        - env:\n            - name: AWS_ACCESS_KEY_ID\n              valueFrom:\n                secretKeyRef:\n                  name: aws-credentials\n                  key: AWS_ACCESS_KEY_ID\n            - name: AWS_SECRET_ACCESS_KEY\n              valueFrom:\n                secretKeyRef:\n                  name: aws-credentials\n                  key: AWS_SECRET_ACCESS_KEY\n            - name: AWS_REGION\n              value: us-east-1\n            - name: SSM_EXAMPLE\n              value: ssm:///foo/bar\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fremind101%2Fssm-env","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fremind101%2Fssm-env","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fremind101%2Fssm-env/lists"}