paint-brush
AWS Parameters Store for Test Automation Projectby@dbudim
252 reads

AWS Parameters Store for Test Automation Project

by Dmytro BudymApril 15th, 2022
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

AWS Systems Manager Parameter Store provides a secure storage and management system for secret data like passwords, secret parameters, licenses, etc. The great benefit of this is that you can save any piece of data instead of AWS Secrets Manager, where you can choose only a particular format. In the case of different types of secret data, it looks like a universal solution for all of them. In this case, the secret data can be deserialized from any object you might be interested in. It is a secure management service and scalable service with no servers to manage secrets.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - AWS Parameters Store for Test Automation Project
Dmytro Budym HackerNoon profile picture


I love things to be organized and easily managed. Secret data in code is no exception. Previously I wrote a guide how to use AWS Secrets manager. And now, I want you to look at one more solution - AWS Systems Manager Parameter Store.


It provides a secure and hierarchical storage and management system for secret data like passwords, secret parameters, licenses, etc. You can avoid routine with handy-managed secret files, which you should share with every team member and add to every Jenkins Job. Just add them to centralized storage and set up retrieving via AWS API.


The great benefit of Parameters Store is that you can save any piece of data instead of AWS Secrets Manager, where you can choose only a particular format. Let's configure some secrets and see how it works in practice.


Imagine that we want to store licence.xml for some library.

<LICENSEFILE>
    <FEATURE NAME="MyFeatureName"> 
        <SETTING MAJOR_VERSION="1"/>
        <SETTING MINOR_VERSION="0"/>
        <SETTING END="2018-01-01"/>
        <CLIENT_HOSTID>
            <SETTING IPADDRESS="123.123.123.123"/>
            <SETTING USERNAME="john"/>
        </CLIENT_HOSTID>
    </FEATURE>
</LICENSEFILE>



Find the Parameter Store and open the main page.


Follow the "Create parameter" button and go to the configuration page.


Type a secret name and choose type "SecureString."


Put secret data to the value field and follow "Create parameter."


That's all, secret created!


To make it accessible for target users need to grant permissions with the policy that allows reading params:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ssm:GetParameter",
            "Resource": "*"
        }
    ]
}



And now, let's get it from code. Add SSM dependency to your project, create a rest client, perform a get request with decryption, and use the received secret.

<dependency>
   <groupId>com.amazonaws</groupId>
   <artifactId>aws-java-sdk-ssm</artifactId>
   <version>1.12.186</version>
</dependency>


AWSSimpleSystemsManagement client = AWSSimpleSystemsManagementClient
       .builder()
       .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)))
       .build();


var getParameterRequest = new GetParameterRequest()
       .withName("licence.xml")
       .withWithDecryption(true);
String license = client.getParameter(getParameterRequest).getParameter().getValue();

LicenseReader.read(license);


This way, you can store and retrieve any data that can be deserialized from string to any object you might be interested in.

Conclusion

Parameters Store is a secure and scalable secrets management service with no servers to manage. In the case of different types of secret data, it looks like a universal solution for all of them. That is a great way to manage stricted things in your project.