A lightweight and read-only implementation of the credstash client. Now you can read your KMS encrypted data directly from DynamoDB into your Scala code.
- Only works with up to version 1.11 of Credstash
- Alternatively, you can take a look at my other library, https://github.com/kdrakon/scala-aws-params-reader
- As credstash utilises 128 bit AES encryption, your Java runtime needs the JCE Unlimited Strength Jurisdiction Policy Files or not be limited by it.
- The necessary configuration needed for credstash (AWS credentials, KMS, a DynamoDB, etc.). See their dependencies listing and setup guide here.
Create a SimpleCredStashClient
using AWS' KMS and DynamoDB clients:
val creds = new DefaultAWSCredentialsProviderChain()
val kmsClient: AWSKMSClient =
new AWSKMSClient(creds).withRegion(Region.getRegion(Regions.AP_SOUTHEAST_2))
val dynamoClient: AmazonDynamoDBClient =
new AmazonDynamoDBClient(creds).withRegion(Region.getRegion(Regions.AP_SOUTHEAST_2))
val credstash = SimpleCredStashClient(kmsClient, dynamoClient)
You can then read a String value or other type using a custom CredStashValueReader
:
val password = credstash.get("password")
import io.policarp.scala.credstash.reader.Readers._
val timeout = credstash.as[Int]("timeout")