Secrets Manager Integration for IntelliJ runner.
Hello team,
I'd like to request a Secrets Manager integration feature that makes it possible to set environment variables from Secrets Manager for IntelliJ run configurations.
Is your feature request related to a problem? Please describe.
Thanks to AWS Secrets Manager, we don't need to store secret values as files on local PCs anymore. Also, CodeBuild, ECS, etc. have Secrets Manager integration: they inject secret values into environment variables. So for application and test code running on them, we just need simple code that reads an environment variable to use secret values. However, unfortunately IntelliJ lacks environment variables support. This is bad when we want to run tests with secret values via the IntelliJ test runner on a local machine.
// CodeBuild, ECS inject secrets to environment variables!
// But for intellij test runner... how to set?
String secretValue = System.getenv("SECRET_VALUE");
Describe the solution you'd like
- (must have) set up environment variables from secret values fetched from Secrets Manager for IntelliJ's run configuration.
- (nice to have) set up environment variables with static, non-secret values for IntelliJ's run configuration.
- (nice to have) support a per-project configuration file like buildspec.yml so we can share it with teammates:
  env:
    variables:
      ENV_VAR1: "value"
    secrets-manager:
      SECRET_ENV_VAR2: <secret-id:json-key:version-stage:version-id>
Describe alternatives you've considered
I couldn't find a good workaround. (If someone knows a good workaround, please let me know!)
- (workaround 1) - use the AWS SDK in test code and fetch from Secrets Manager.
  This should work perfectly in most cases. However, this workaround needs
  - an extra AWS SDK dependency, which might lead to jar hell and sometimes needs a version bump.
  - boilerplate code just for local testing that is not required if we run it on CodeBuild.
- (workaround 2) - use aws cli and EnvFile plugin
  - Use the EnvFile plugin, which sets environment variables for the IntelliJ runner from a .env file.
  - Prepare a wrapper script to get secrets from Secrets Manager using aws cli and generate the .env file.
  This workaround has risks like:
  - we need to store secrets on the local machine as a file. It might be committed to a public repository accidentally.
    - if https://github.com/ashald/EnvFile/pull/160 is merged we should be able to mitigate this problem.
  - the plugin is maintained on a volunteer basis as a personal project. The author doesn't have enough time to actively maintain it.
    - cf. https://github.com/ashald/EnvFile/issues/155
- (workaround 3) - manually set environment variables for the IntelliJ test runner
  - No need for a 3rd-party plugin.
  - Needs manual operation.
- maven / gradle plugin???
I am not familiar with Gradle, but if we use the Gradle test runner instead of the default IntelliJ runner, can we solve this problem? Can we do similar things for Maven?
Additional context
It's been 10 years since a feature request was created about IntelliJ's environment variable settings: https://youtrack.jetbrains.com/issue/PY-5543 Very little hope that JetBrains will support this kind of feature.
related: https://github.com/aws/aws-toolkit-vscode/issues/2430
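
As an added example (not part of the original request, and not code from the toolkit or the EnvFile plugin), the wrapper-script workaround can resolve the proposed `secret-id:json-key:version-stage:version-id` references in memory and pass them straight to a child process, so no .env file is written to disk. The function names are hypothetical; it assumes the AWS CLI is installed and configured and that each secret is stored as a SecretString.

```python
import json
import os
import subprocess
import sys

FIELDS = ("secret_id", "json_key", "version_stage", "version_id")

def parse_ref(ref):
    """Split 'secret-id:json-key:version-stage:version-id' (last three optional)."""
    parts = ref.split(":")
    if parts[0] == "arn":  # a full ARN has 7 colon-separated fields of its own
        parts = [":".join(parts[:7])] + parts[7:]
    if not parts[0] or len(parts) > len(FIELDS):
        raise ValueError(f"bad secret reference: {ref!r}")
    return dict(zip(FIELDS, parts + [""] * (len(FIELDS) - len(parts))))

def fetch_with_aws_cli(secret_id, version_stage="", version_id=""):
    """Return SecretString using the caller's normal AWS CLI credentials."""
    cmd = ["aws", "secretsmanager", "get-secret-value", "--secret-id", secret_id,
           "--query", "SecretString", "--output", "text"]
    if version_stage:
        cmd += ["--version-stage", version_stage]
    if version_id:
        cmd += ["--version-id", version_id]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return out.rstrip("\n")

def resolve_env(mapping, fetch=fetch_with_aws_cli):
    """Turn {ENV_NAME: reference} into {ENV_NAME: value}, held only in memory."""
    env = {}
    for name, ref in mapping.items():
        r = parse_ref(ref)
        secret = fetch(r["secret_id"], r["version_stage"], r["version_id"])
        if r["json_key"]:
            value = json.loads(secret)[r["json_key"]]
            secret = value if isinstance(value, str) else json.dumps(value)
        env[name] = secret
    return env

def run_with_secrets(argv, mapping, fetch=fetch_with_aws_cli):
    """Run argv with the secrets added to its environment; nothing touches disk."""
    return subprocess.run(argv, env={**os.environ, **resolve_env(mapping, fetch)}).returncode

if __name__ == "__main__":
    # Constructed stand-in for Secrets Manager so the demo runs offline.
    fake = lambda sid, stage="", vid="": '{"password": "constructed-value"}'
    child = [sys.executable, "-c",
             "import os, sys; sys.exit(os.environ['SECRET_ENV_VAR2'] != 'constructed-value')"]
    print("child exit code:", run_with_secrets(child, {"SECRET_ENV_VAR2": "demo/db:password"}, fake))
```

The child process (for example a Maven or Gradle test command) inherits the variables and reads them with `System.getenv` exactly as it would on CodeBuild.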