Whispr

New feature 🎉 - Fetch & injects secrets from AWS SSM parameter store in applications

Whispr now supports AWS SSM Parameter Store as a vault sub-type for AWS vault. It means developers can now store secrets in AWS SSM parameter store as a string/secure string, and fetch & inject them into app/script using Whispr. This is an additional feature to existing AWS Secrets manager.

Usage

1. Run a script with secrets stored in parameter store.

To initialize a new Whispr config with parameter store as vault type:

sh
whispr init aws parameter-store


Or, modify and existing configuration to add a `type` key :

whispr.yaml

yaml
env_file: .env
secret_name: my_secret
vault: aws
type: parameter-store


and launch a script called `script.sh` with

sh
whispr run 'sh script.sh'

This will inspect `.env` file for keys to include, goes to AWS SSM parameter store and fetches the respective values and injects them into environment of `script.sh`. See README.md for more details on this.

2. **Audit a secret quickly**

sh
Prints a JSON format of all keys in given secret
whispr secret get -v aws -s my_secret -t parameter-store


Note: Make sure AWS IAM credentials & region is set before running commands.

What's Changed
* feat/5: Fetch secrets from AWS parameter store by narenaryan in https://github.com/cybrota/whispr/pull/30

**Full Changelog**: https://github.com/cybrota/whispr/compare/v0.6.0...v0.7.0

New feature 🎉 - Useful Secret Utilities

This release introduces a new command group called `secret`.

sh
whispr secret sub_command [OPTIONS]


With two new sub_commands:

1. `get`: Audit a secret from a vault. This is very helpful in fetching raw secret that is `jq` parseable.

Usage:

sh
whispr secret get -v aws -s my_secret -r us-west-2


2. `gen-random`: Generate a crypto-safe random sequence to use for key rotations.

Usage:

sh
whispr secret gen-random -l 16 -e '*^/'


See README.md for more details on usage or run `whispr secret --help` after installing the tool.

What's Changed
* feat/23: add secret command group with get & gen-random sub-commands by narenaryan in https://github.com/cybrota/whispr/pull/25


**Full Changelog**: https://github.com/cybrota/whispr/compare/v0.5.0...v0.6.0

This release supports configuring AWS region through whispr configuration file:

yaml
vault: aws
secret_name: <mysecret>
env_file: .env
region: us-west-2


Note: If you set both `region` key and `AWS_DEFAULT_REGION`, `region` key will take precedence.


What's Changed
* feat/4: Add AWS Default region support by narenaryan in https://github.com/cybrota/whispr/pull/24

**Full Changelog**: https://github.com/cybrota/whispr/compare/v0.4.0...v0.5.0

What's Changed
* Feature: Add support for AWS SSO profile in config by narenaryan in https://github.com/narenaryan/whispr/pull/19

Usage:
yaml
vault: aws
sso_profile: dev


* Code Quality: Improve test coverage from **72%** to **79%**

**Full Changelog**: https://github.com/narenaryan/whispr/compare/v0.3.0...v0.4.0

Description

* This release simplified programmatic access of code whispr utilities
* `execute_command` will not fail silently if there is a problem with subprocess.
* Add programmatic sue guide in usage-guides.

What's Changed
* Update issue templates by narenaryan in https://github.com/narenaryan/whispr/pull/14
* test(ISSUE-4): Improve code coverage by narenaryan in https://github.com/narenaryan/whispr/pull/15
* docs: create programmatic-access guide by narenaryan in https://github.com/narenaryan/whispr/pull/16
* release: bump up version to v0.3.0 by narenaryan in https://github.com/narenaryan/whispr/pull/17


**Full Changelog**: https://github.com/narenaryan/whispr/compare/v0.2.0...v0.3.0

Features
- New `no_env` configuration key to control mode of secret sharing
- Backwards compatible

This release consists of a new feature to avoid passing secrets as environment variables but command args. This is secure way to collect secrets instead of causing environment pollution.

yaml
env_file: .env
secret_name: <your_secret>
vault: aws
no_env: true New key to control no environment vs command args. Default: false


This also lets Whispr hand-off secrets to subprocess and not own anything.