[RFC] EnvVarProcessor using AWS Secrets Manager

[patrick-mcdougle]

Would anyone use a EnvVarProcessor that uses the AWS Secrets Manager?

What I'm thinking is to implement EnvVarProcessorInterface and create a awsSecret key that takes a SecretId, and optionally a versionID and / or versionStage and resolves this in runtime. Then in config, you can use a string similar to this to use amazon secrets in the config.

parameters:
    db_dsn: "mysql://db_user:%env(awsSecret:db_password)%@127.0.0.1:3306/db_name"

Thoughts? Does anyone want this? Would such a feature be merged?

[patrick-mcdougle]

Small proof of concept that's untested. Theoretically if your AWS bundle is configured correctly (and you grant secrets manager access), this will work.

https://github.com/patrick-mcdougle/aws-sdk-php-symfony/tree/pmcd-env-processor-secrets

[sleavitt]

Perhaps this as a basis is worth a look - https://github.com/incompass/aws-secrets-bundle

[patrick-mcdougle]

@sleavitt Amazing. I'm seeing double! I think we can probably close this RFC. Anyone who needs this can use the bundle that you've linked to above.

[rimvislt]

I am looking to implement aws secret manager for symfony variables, that bundle which is suggested above does not look supported, development is not moving forward inside it so will be good to have something under aws otherwise it is no other option just implement myself it.

[rimvislt]

Can we reopen this RFC ?

[patrick-mcdougle]

We can try 😀

[vkhramtsov]

Any news here?