Skip to content

Web UI for AWS Secrets manager - support binary upload

License

Notifications You must be signed in to change notification settings

ledongthuc/awssecretsmanagerui

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AWS Secrets Manager UI

Built with WeBuild build

A Web application to manage AWS Secrets manager

AWS Secrets Manager UI

Features

  • Listing secrets grid with many columns
  • Support region switching
  • Secrets attributes sorting
  • All grid column searching
  • Editing text-based secrets directly
  • Download and upload binary secrets

Quick starts

Run:

docker run -ti \
 -p 30301:30301 \
 -e AWS_ACCESS_KEY_ID=123456789012 \
 -e AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
 ledongthuc/awssecretsmanagerui:latest

Make sure you configure AWS credential. Then you can access http://localhost:30301

Quickstart

Build from source

Requirement:

  • Go 1.16
  • Makefile
  • npm 6.14
make build;

Binary will available in folder "./build/". Run it and you can access through http://localhost:30301

AWS Credential

AWS Secrets Manager UI tool uses AWS configuration credential to authenticate requests.

Credential environment variables (recommend)

More detail: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html

Credential file

More detail: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html

Minimum Permission

Authentication

AWS Cognito authentication

Configurations to enable for AWS Cognito

  • AUTH_ENABLED=true
  • AUTH_TYPE=aws_cognito_auth2
  • AWS_COGNITO_APP_NAME=administrator: Get from AWS Cognito App configuration
  • AWS_COGNITO_REGION=eu-north-1: Get from AWS Cognito App configuration
  • AWS_COGNITO_CLIENT_ID={client_id}: Get from AWS Cognito App configuration
  • AWS_COGNITO_CLIENT_SECRET={secrets}: Get from AWS Cognito App configuration
  • AWS_COGNITO_REDIRECT_URL=http://localhost:30301/cognito/auth: Redirect URL you want AWS cognito call back
  • AWS_COGNITO_ALLOWED_EMAILS=abc@email.com: Limit accepted users to login. Empty = all
  • AWS_COGNITO_LOGIN_URL=https://administrator.auth.eu-north-1.amazoncognito.com/login?...: Get from AWS Cognito App configuration

AWS Cognito App configurations

aws_cognito_1

aws_cognito_2

Basic authentication

Default, AWS Secrets manager UI disable authentication.

AWS Secrets manager supports basic auth through two variable environments, in order enable it, try with 2 variable environments:

  • AUTH_ENABLED=true
  • AUTH_ACCOUNTS="{\"admin\":\"5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5\"}"

AUTH_ACCOUNTS define accounts' username and password. Password follows SHA-256, https://emn178.github.io/online-tools/sha256.html

Filter secret by names

Default, AWS Secrets manager UI get all secrets.

AWS Secrets manager support filter secrets by names through variable environment, in order to use it, you can try with variable environment:

  • FILTER_NAMES=production,development

FILTER_NAMES defines which secrets you want to provide with AWS Secrets manager, each secret name is separated by comma. In the above example, you want to show only secrets with name production and development.

Screenshoots

Table

Detail

Text data

Binary data

TODO

  • Local storage sort, filter, search
  • Support MoaiJS
  • Support filter by tags
  • All POST API
  • Login page
  • Create new secret
  • Delete secret

Contributor