{"id":21513060,"url":"https://github.com/turnerlabs/sm_entrypoint","last_synced_at":"2025-04-09T18:50:24.429Z","repository":{"id":64305282,"uuid":"135795307","full_name":"turnerlabs/sm_entrypoint","owner":"turnerlabs","description":null,"archived":false,"fork":false,"pushed_at":"2018-12-11T21:02:49.000Z","size":19,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":12,"default_branch":"develop","last_synced_at":"2025-03-23T20:43:49.486Z","etag":null,"topics":["aws","docker","secrets","secretsmanager"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/turnerlabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-06-02T06:57:43.000Z","updated_at":"2020-07-14T08:21:13.000Z","dependencies_parsed_at":"2023-01-15T10:30:54.533Z","dependency_job_id":null,"html_url":"https://github.com/turnerlabs/sm_entrypoint","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turnerlabs%2Fsm_entrypoint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turnerlabs%2Fsm_entrypoint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turnerlabs%2Fsm_entrypoint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turnerlabs%2Fsm_entrypoint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/turnerlabs","download_url":"https://codeload.github.com/turnerlabs/sm_entrypoint/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248092147,"owners_count":21046421,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","docker","secrets","secretsmanager"],"created_at":"2024-11-23T22:52:28.600Z","updated_at":"2025-04-09T18:50:24.405Z","avatar_url":"https://github.com/turnerlabs.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sm_entrypoint\n\nThis is a simple entrypoint script to load AWS SecretManager Secrets into the OS environment.\n\nCredentials must be set properly for this command to work (either via ENV Vars or, preferably, an IAM Assumed Role).\n\n## Build\n\nA Makefile is included to facilitate building.\n\n`make build` will build a binary for your automatically detected GOOS and GOARCH.  It will place the binary in `bin/` directory.\n\nIf you choose, you can also build for multiple distributions with `make dist`.  You can examine the Makefile and change or add to the list of GOOS and GOARCH combinations.\n\nExecutables will have the form `sm_entrypoint-${GOOS}-${GOARCH}` and will be placed in the `dist/` directory.  Choose the one you need for each docker image and mv/copy it to your docker\nbuild directory.  Then add the binary in your Dockerfile.\n\n## Usage\nEither build from the latest code or download a release from git:  `https://github.com/turnercode/sm_entrypoint/releases/download/${release_tag}/sm_entrypoint-${GOOS}-${GOARCH}`\n\n```Dockerfile\nADD sm_entrypoint-$GOOS-$GOARCH /my/app/sm_entrypoint\n\nENTRYPOINT [\"/my/app/sm_entrypoint\"]\n\nCMD [\"/my/app/start_script_or_command\"]\n```\nor\n```Dockerfile\nRUN curl -o /my/app/sm_entrypoint https://github.com/turnerlabs/sm_entrypoint/releases/download/${release_tag}/sm_entrypoint-${GOOS}-${GOARCH}\n\nENTRYPOINT [\"/my/app/sm_entrypoint\"]\n\nCMD [\"/my/app/start_script_or_command\"]\n```\n\nReplace `${release_tag}`, `${GOOS}` and `${GOARCH}` with values for your docker image\n\n## ENV VARS\nThe following ENV Vars can be set to control sm_entrypoint behavior.\n\n- __SM_VARS__ - Comma separated list of Secrets Manager secret names, and optionally secret versions separated by a \":\". There are two special \"version labels\", AWSCURRENT and AWSPREVIOUS,\nthat describe the stage of a secret.  The secret can only have 1 AWSCURRENT and AWSPREVIOUS label, which automatically gets set if a version label is not applied at update.  AWSCURRENT represents\nthe secret that AWS SecretsManager considers the \"active\" secret and will be the secret the console displays.  The AWSPREVIOUS secret label is applied to the secret that last had the AWSCURRENT\nlabel.  Neither of these labels is required on a secret.  If you manually create a version label and do not also include AWSCURRENT, neither AWSCURRENT or AWSPREVIOUS labels will be moved.\n\nThe version label must be unique on a secret version.  If the same version label is applied to a different secret, then the version label is moved to that different secret.  The PutSecretValue \ndocumentation, \u003chttps://docs.aws.amazon.com/secretsmanager/latest/apireference/API_PutSecretValue.html\u003e, best describes this functionality.  With care, version labels can be used to store \nup to 18 different versions of a secrets:\n\u003chttps://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html\u003e\n\n  ```\n  SM_VARS=secret-name-1[:version1],[secret-name-2[:version2],....]\n  ```\n\nThe __SM_VARS__ ENV var must be set for sm_entrypoint to know what secrets to load into the environment. If it is missing, the\nsm_entrypoint will skip loading any variables and will transfer control the command passed to it.\n\nThese ENV Vars are useful for local testing of the entry point and local development.\n\n- __AWS_ASSUME_ROLE_ARN__ - Role ARN used to assume that has access to the secrets in Secrets Manager.\n- __AWS_REGION__ - Region that your Secrets Manager is in.  Use if setting up AWS credentials locally.\n- __AWS_PROFILE__ - AWS credentials that has access to Secrets Manager OR the role that has access to Secrets Manager.\n- __AWS_ACCESS_KEY_ID__ - AWS access key if you aren't using a AWS profile or are testing an AWS IAM user.\n- __AWS_SECRET_ACCESS_KEY__ - AWS secret key if you aren't using a AWS profile or are testing an AWS IAM user.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fturnerlabs%2Fsm_entrypoint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fturnerlabs%2Fsm_entrypoint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fturnerlabs%2Fsm_entrypoint/lists"}