Add new mode for vault-unsealer using ssm parameter with type SecureString

[haad]

Add new mode aws-sec-ssm which is using ssm parameters type SecureString which can be automatically decrypted by AWS KMS key. Add example terraform templates which can be used to create KMS key and secureString paramaters.

[jetstack-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: To fully approve this pull request, please assign additional approvers. We suggest the following additional approver: joshvanl

If they are not already assigned, you can assign the PR to them by writing /assign @joshvanl in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

[JoshVanL]

/ok-to-test Hi @haad , thanks for the PR. Please can you sign off and add a release note

[haad]

@JoshVanL here you go.

[JoshVanL]

@haad Sorry, should have been more clear, it needs to be included in the root PR as described here https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md

and will look something like this https://github.com/jetstack/vault-unsealer/pull/24

There looks to also be some problems with go vet :)

[JoshVanL]

/assign @haad

[haad]

@JoshVanL This should do it :)

[JoshVanL]

@haad Thanks, I'll take a look when I get the chance :) /assign

[jetstack-bot]

@haad: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.