AWS Secrets Manager UI

A Web application to manage AWS Secrets manager

Features

• Listing secrets grid with many columns
• Support region switching
• Secrets attributes sorting
• All grid column searching
• Editing text-based secrets directly
• Download and upload binary secrets

Quick starts

Run:

docker run -ti \
 -p 30301:30301 \
 -e AWS_ACCESS_KEY_ID=123456789012 \
 -e AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
 ledongthuc/awssecretsmanagerui:latest

Make sure you configure AWS credential. Then you can access http://localhost:30301

Build from source

Requirement:

• Go 1.16
• Makefile
• npm 6.14

make build;

Binary will available in folder "./build/". Run it and you can access through http://localhost:30301

AWS Credential

AWS Secrets Manager UI tool uses AWS configuration credential to authenticate requests.

Credential environment variables (recommend)

More detail: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html

Credential file

More detail: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html

Minimum Permission

• Easy policy name: SecretsManagerReadWrite : https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-policies.html

• Or custom action permission: secretsmanager:*

Authentication

AWS Cognito authentication

Configurations to enable for AWS Cognito

• AUTH_ENABLED=true
• AUTH_TYPE=aws_cognito_auth2
• AWS_COGNITO_APP_NAME=administrator: Get from AWS Cognito App configuration
• AWS_COGNITO_REGION=eu-north-1: Get from AWS Cognito App configuration
• AWS_COGNITO_CLIENT_ID={client_id}: Get from AWS Cognito App configuration
• AWS_COGNITO_CLIENT_SECRET={secrets}: Get from AWS Cognito App configuration
• AWS_COGNITO_REDIRECT_URL=http://localhost:30301/cognito/auth: Redirect URL you want AWS cognito call back
• [email protected]: Limit accepted users to login. Empty = all
• AWS_COGNITO_LOGIN_URL=https://administrator.auth.eu-north-1.amazoncognito.com/login?...: Get from AWS Cognito App configuration

AWS Cognito App configurations

Basic authentication

Default, AWS Secrets manager UI disable authentication.

AWS Secrets manager supports basic auth through two variable environments, in order enable it, try with 2 variable environments:

• AUTH_ENABLED=true
• AUTH_ACCOUNTS="{\"admin\":\"5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5\"}"

AUTH_ACCOUNTS define accounts' username and password. Password follows SHA-256, https://emn178.github.io/online-tools/sha256.html

Filter secret by names

Default, AWS Secrets manager UI get all secrets.

AWS Secrets manager support filter secrets by names through variable environment, in order to use it, you can try with variable environment:

• FILTER_NAMES=production,development

FILTER_NAMES defines which secrets you want to provide with AWS Secrets manager, each secret name is separated by comma. In the above example, you want to show only secrets with name production and development.

Screenshoots

TODO

• Local storage sort, filter, search
• Support MoaiJS
• Support filter by tags
• All POST API
• Login page
• Create new secret
• Delete secret

Contributor

• Thuc Le
• [email protected] (many thanks for logo)
• duysmile
• Thinh Le
• Monody Le