f-lombardo/secrets-loader 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

f-lombardo/secrets-loader

Composer 安装命令:

composer require f-lombardo/secrets-loader

包简介

Load secret values from SSM into environment variables - Forked from bref/secrets-loader

README 文档

README

OpenSSF Scorecard Quality Gate Status OpenSSF Best Practices

Load secrets

Automatically load secrets from SSM into environment variables when running with Bref.

This work is a fork of the project created by Matthieu Napoli, who is also the creator of the amazing Bref project.

I introduced here the ability to load parameters from Secrets Manager and to have an SSM parameter containing many application environment variables in ini format.

Load secrets from Secrets Manager

This library replaces at runtime secrets read from AWS Secrets Manager. Those secrets can be both in JSON format or in plain text.

provider:
    # ...
    environment:
        MY_PARAMETER: bref-secretsmanager:/my-app/my-parameter-in-plain-text
        MY_PARAMETER_JSON: bref-secretsmanager-json:/my-app/my-parameter-in-json

In this example the Bref Lambda function will see an environment variable MY_PARAMETER which value will be the content of secret /my-app/my-parameter-in-plain-text. Secret pointed by /my-app/my-parameter-in-json should be a JSON string of the form:

{
  "VAR1": "value1", 
  "VAR2": "value2"
}

The Lambda function will have access to two environment variables VAR1=value1 and VAR2=value2.

SSM parameter in .ini format

Migrating an existing complex Symfony application to Bref leads to having many environment variables defined in serverless.yml. Instead of having a one to one mapping between lambda environment variables and SSM parameters, I suggest to have a single lambda environment variable with the special name BREF_PARAMETER_STORE that stores a string in ini format. That string will be expanded in many application environment variables. For example a lambda could have the environment variable BREF_PARAMETER_STORE=ssm:/some/parameter. Data contained in that parameter could be:

VAR1=foo
VAR2=bar

The lambda execution runtime should then see VAR1=foo and VAR2=bar as environment variables.

This project is fully compatible with the behavior of the original library, whose documentation I report below.

Usage following the original library

This library is fully compatible with the orginal one developed by Bref's author. Read the Bref documentation: https://bref.sh/docs/environment/variables.html#secrets

It replaces (at runtime) the variables whose value starts with bref-ssm:. For example, you could set such a variable in serverless.yml like this:

provider:
    # ...
    environment:
        MY_PARAMETER: bref-ssm:/my-app/my-parameter

In AWS Lambda, the MY_PARAMETER would be automatically replaced and would contain the value stored at /my-app/my-parameter in AWS SSM Parameters.

It could be also used to read a set of parameters from a SSM variable that contains a string in an INI format. For example, if there is an SSM parameter /my-app/my-par-store that contains this sting:

FOO=bar
BAR=baz

and we have this severless.yml configuration with the special variable BREF_PARAMETER_STORE set this way:

provider:
    # ...
    environment:
      BREF_PARAMETER_STORE: /my-app/my-par-store

our lambda will see the these environment variables:

FOO=bar
BAR=baz

This feature is shipped as a separate package so that all its code and dependencies are not installed by default for all Bref users. Install this package if you want to use the feature.

Notes for developers

In the docker directory you can find a docker compose project that allows the developing and testing of the application. You can run it with

cd docker 
docker compose up -d
docker compose exec php bash

Last command leads you inside the PHP container where you can run tests and quality checks using the quality.sh script:

scripts/quality.sh

Installation in your PHP project

composer require f-lombardo/secrets-loader

f-lombardo/secrets-loader 适用场景与选型建议

f-lombardo/secrets-loader 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 28.49k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2024 年 03 月 10 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「secrets」 「ssm」 「bref」 「aws-ssm」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 f-lombardo/secrets-loader 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 f-lombardo/secrets-loader 我们能提供哪些服务?
定制开发 / 二次开发

基于 f-lombardo/secrets-loader 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 28.49k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 20
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2024-03-10