(feat): adds publish support for aws secrets manager and parameter store

Open bruce-szalwinski-he opened this issue 3 months ago • 4 comments

Adds AWS Secrets Manager and Parameter Store publish support. Works the same as Vault in that it uploads unencrypted results as plain-text JSON.

fixes #1942, #1105

bruce-szalwinski-he avatar Sep 20 '25 03:09 bruce-szalwinski-he

@felixfontein I see that you have been busy preparing the 3.11.0 release, so may not have had time to look at this one. Just checking in to see if there is anything else I need to provide for this PR.

bruce-szalwinski-he avatar Oct 01 '25 22:10 bruce-szalwinski-he

@bruce-szalwinski-he any chance that you might be able to resolve the conflicts?

sabre1041 avatar Dec 07 '25 15:12 sabre1041

> @bruce-szalwinski-he any chance that you might be able to resolve the conflicts?

Yes. I'll resolve when I align the region as you have suggested above.

bruce-szalwinski-he avatar Dec 08 '25 00:12 bruce-szalwinski-he

> Confirmed the functionality of both the AWS Secrets Manager and AWS Parameter Store.
>
> A question that this integration has raised is how to handle the AWS region. The existing S3 integration does not include a dedicated property and instead relies on the default properties that the golang AWS library leverages.
>
> Why not use an aws_region property for each of the AWS-related publishers instead of specific parameters? This simplifies the end user experience, but also adds functionality for the S3 publisher. If it is not included, default to the logic of the AWS library.

Went with consistently named aws_region as an optional element on Secrets Manager and Parameter Store. Can follow up with a PR against S3 if needed.

bruce-szalwinski-he avatar Dec 09 '25 03:12 bruce-szalwinski-he

@bruce-szalwinski-he This PR actually enabled me to investigate the full functionality of the publish subcommand. I discovered that the --recursive option was not working properly. I have submitted a PR to resolve the issue. However, it does not appear that this PR will support publishing multiple files, as the latest content will overwrite previously configured/published content.

sabre1041 avatar Dec 15 '25 10:12 sabre1041

> @bruce-szalwinski-he This PR actually enabled me to investigate the full functionality of the publish subcommand. I discovered that the --recursive option was not working properly. I have submitted a PR to resolve the issue. However, it does not appear that this PR will support publishing multiple files, as the latest content will overwrite previously configured/published content.

I'll take a peek and see if there is a way to handle this.

bruce-szalwinski-he avatar Dec 15 '25 17:12 bruce-szalwinski-he