A helper tool for Vector to securely retrieve secrets from AWS SSM Parameter Store and AWS Secrets Manager using the exec backend.
Download an executable for the target platform from the releases page or clone the repo and build it with the cargo build command. Place the executable in a directory that is in your (or, actually, in the Vector user's) PATH environment variable, e.g. /usr/local/bin.
Once the executable is installed, it can be used as described in the Vector documentation. The tool uses the default credential provider chain to authenticate to AWS.
Here is an example configuration for the exec secrets backend in Vector:
[secret.aws_ssm]
type = "exec"
command = ["/usr/local/bin/vector-aws-secrets-helper", "ssm"]
[secret.aws_secrets_manager]
type = "exec"
command = ["/usr/local/bin/vector-aws-secrets-helper", "secretsmanager"]
While it's idiomatic to use / in the names of SSM Parameter Store parameters and Secrets Manager secrets to create a hierarchy, Vector currently does not support slashes in the secret names. The only supported characters are alphanumeric, underscores and dots. Here are some examples of valid secret references (for both SSM Parameter Store and Secrets Manager):
SECRET[aws_ssm.secret]
SECRET[aws_ssm.another_one]
SECRET[aws_ssm.one.more]
SECRET[aws_ssm..secret.with.a.leading.comma]
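The naming rule above can be checked before a configuration is deployed. The following Rust sketch is an added example, not part of this tool or of Vector: it scans configuration text for SECRET[backend.key] references and flags keys containing characters outside the set listed above. The names find_secret_refs, SecretRef and SAMPLE are hypothetical, the sample configuration is constructed, and ASCII-only matching is an assumption.

```rust
// Added example: lint SECRET[backend.key] references in Vector config text.
// Rule taken from the text above: alphanumerics, underscores and dots only.
#[derive(Debug)]
struct SecretRef {
    backend: String,
    key: String,
    valid: bool,
}

/// Find every SECRET[...] reference in `config` and classify it.
fn find_secret_refs(config: &str) -> Vec<SecretRef> {
    let mut refs = Vec::new();
    let mut rest = config;
    while let Some(start) = rest.find("SECRET[") {
        let body = &rest[start + "SECRET[".len()..];
        let Some(end) = body.find(|c: char| c == ']' || c == '\n') else { break };
        rest = &body[end + 1..];
        if body.as_bytes()[end] == b'\n' {
            continue; // unterminated reference on this line, skip it
        }
        let inner = &body[..end];
        // The first dot separates the backend name from the secret key,
        // so a key may itself start with a dot (SECRET[aws_ssm..secret]).
        let (backend, key) = inner.split_once('.').unwrap_or((inner, ""));
        let word = |c: char| c.is_ascii_alphanumeric() || c == '_';
        let valid = !backend.is_empty()
            && !key.is_empty()
            && backend.chars().all(word)
            && key.chars().all(|c| word(c) || c == '.');
        refs.push(SecretRef { backend: backend.into(), key: key.into(), valid });
    }
    refs
}

// Constructed sample; the option names are illustrative only.
const SAMPLE: &str = r#"
password = "SECRET[aws_ssm.es_password]"
user = "SECRET[aws_ssm..secret.with.a.leading.comma]"
token = "SECRET[aws_secrets_manager./prod/api/token]"
"#;

fn main() {
    for r in find_secret_refs(SAMPLE) {
        let status = if r.valid { "ok" } else { "UNSUPPORTED NAME" };
        println!("{status}: backend={} key={}", r.backend, r.key);
    }
}
```

Run against the sample, the first two references pass and the slash-separated path in the third is reported as unsupported.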