Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/square/password-rotation-lambda

Password rotation function for AWS Lambda and Secrets Manager
https://github.com/square/password-rotation-lambda

aws-lambda aws-rds aws-secrets-manager golang mysql password

Last synced: 3 months ago
JSON representation

Password rotation function for AWS Lambda and Secrets Manager

Host: GitHub
URL: https://github.com/square/password-rotation-lambda
Owner: square
License: apache-2.0
Created: 2020-05-07T19:43:33.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2024-02-13T00:29:54.000Z (9 months ago)
Last Synced: 2024-06-22T21:09:57.248Z (4 months ago)
Topics: aws-lambda, aws-rds, aws-secrets-manager, golang, mysql, password
Language: Go
Homepage:
Size: 244 KB
Stars: 20
Watchers: 8
Forks: 5
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

jimsghstars - square/password-rotation-lambda - Password rotation function for AWS Lambda and Secrets Manager (Go)

README

        # Password Rotation Lambda

`password-rotation-lambda` is an [AWS Lambda](https://aws.amazon.com/lambda/) function in Go that rotates MySQL passwords using [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/).

It supports Amazon RDS for MySQL and Aurora MySQL.

This package handles the four Secrets Manager rotation steps and database-specific password setting.

Your `main.go` imports this packages (which exports itself as `rotate` for short) and provides AWS sessions/clients and a `SecretSetter` to decode your secret string.

```go

package main

import (

	"log"

	"github.com/aws/aws-lambda-go/lambda"

	"github.com/aws/aws-sdk-go/aws/session"

	"github.com/aws/aws-sdk-go/service/rds"

	"github.com/aws/aws-sdk-go/service/secretsmanager"

	"github.com/square/password-rotation-lambda"

	"github.com/square/password-rotation-lambda/db/mysql"

)

func main() {

	// Start AWS session using env vars automatically set by Lambda

	sess, err := session.NewSession()

	if err != nil {

		log.Fatalf("error making AWS session: %s", err)

	}

	// Make password setter for MySQL (RDS)

	ps := mysql.NewPasswordSetter(mysql.Config{

		RDSClient: rds.New(sess),                   // RDS API client

		DbClient:  mysql.NewRDSClient(true, false), // RDS MySQL cilent (true=TLS, false=dry run)

	})

	// Make Rotator which is the Lambda function/handler

	r := rotate.NewRotator(rotate.Config{

		SecretsManager: secretsmanager.New(sess),

		PasswordSetter: ps,

	})

	// Run Rotator in Lambda, waiting for events from Secrets Manager

	lambda.Start(r.Handler)

}

```