A web application to manage AWS Secrets Manager
NOTE: This has been forked from ledongthuc/awssecretsmanagerui to add some minor improvements.
It has been updated to AWS sdk-go v2 and Tag Filter support was added.
- Listing secrets grid with many columns
- Support region switching
- Secrets attributes sorting
- All grid column searching
- Editing text-based secrets directly
- Download and upload binary secrets
Run:
docker run -ti \
-p 30301:30301 \
-e AWS_ACCESS_KEY_ID=123456789012 \
-e AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
ghcr.io/dbsystel/awssecretsmanagerui:latest
Make sure you configure AWS credentials. Then you can access http://localhost:30301
Requirement:
- Go 1.16
- Makefile
- npm 6.14
make build;
The binary will be available in the folder "./build/". Run it and you can access the UI through http://localhost:30301
The AWS Secrets Manager UI tool uses the configured AWS credentials to authenticate requests.
More detail: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
More detail: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
- Easy policy name: SecretsManagerReadWrite: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-policies.html
- Or custom action permission:
secretsmanager:*
Configurations to enable for AWS Cognito
- AUTH_ENABLED=true
- AUTH_TYPE=aws_cognito_auth2
- AWS_COGNITO_APP_NAME=administrator: Get from AWS Cognito App configuration
- AWS_COGNITO_REGION=eu-north-1: Get from AWS Cognito App configuration
- AWS_COGNITO_CLIENT_ID={client_id}: Get from AWS Cognito App configuration
- AWS_COGNITO_CLIENT_SECRET={secrets}: Get from AWS Cognito App configuration
- AWS_COGNITO_REDIRECT_URL=http://localhost:30301/cognito/auth: Redirect URL you want AWS Cognito to call back
- AWS_COGNITO_ALLOWED_EMAILS=abc@email.com: Limits which users are accepted at login. Empty = all
- AWS_COGNITO_LOGIN_URL=https://administrator.auth.eu-north-1.amazoncognito.com/login?...: Get from AWS Cognito App configuration
AWS Cognito App configurations
By default, AWS Secrets Manager UI has authentication disabled.
AWS Secrets Manager UI supports basic auth through two environment variables. To enable it, set both:
AUTH_ENABLED=true
AUTH_ACCOUNTS="{\"admin\":\"5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5\"}"
AUTH_ACCOUNTS defines the accounts' usernames and passwords. Each password is given as its SHA-256 hash, https://emn178.github.io/online-tools/sha256.html
By default, AWS Secrets Manager UI gets all secrets.
AWS Secrets Manager UI supports filtering secrets by name through an environment variable. To use it, set:
FILTER_NAMES=production,development
FILTER_NAMES defines which secrets AWS Secrets Manager UI provides; secret names are separated by commas. In the above example, only the secrets named production and development are shown.
When working with IAM roles you might want to restrict the secrets that can be listed, viewed and edited by this application.
If you restrict this at the IAM role level, you additionally have to filter the secrets listed in the app with the same filter, since the ListSecrets API cannot be restricted to specific tags.
You can then add the tag filter this way to make sure that only secrets that can also be viewed and edited are shown.
FILTER_TAG=listSecretInUi=true
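An IAM policy matching the FILTER_TAG value above, shown as an added example that is not part of the original README. It is a tag-scoped alternative to secretsmanager:*. The action list is an assumption about what the app needs for listing, viewing and editing, and the Sid names are made up for illustration:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListCannotBeScopedByTag",
      "Effect": "Allow",
      "Action": "secretsmanager:ListSecrets",
      "Resource": "*"
    },
    {
      "Sid": "ReadWriteOnlyTaggedSecrets",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:DescribeSecret",
        "secretsmanager:GetSecretValue",
        "secretsmanager:PutSecretValue",
        "secretsmanager:UpdateSecret"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "secretsmanager:ResourceTag/listSecretInUi": "true"
        }
      }
    }
  ]
}
```

Because the role is granted no secretsmanager:TagResource or secretsmanager:UntagResource, the application cannot change which secrets fall under the tag condition.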
- Local storage sort, filter, search
- Support MoaiJS
- Support filter by tags
- All POST API
- Login page
- Create new secret
- Delete secret
- Thuc Le
- sinthithuthao@gmail.com (many thanks for logo)
- duysmile
- Thinh Le
- Monody Le






