12

I'm looking to set up a local Docker instance of AWS Secrets Manager.

I've been scouring the web for an image or anything of the sort that I can use. I can only find documentation for AWS ECS secrets management.

Does anyone have any experience with setting up AWS Secrets Manager for local testing through Docker? Thanks!

Bbbbob
  • Hi @Bbbbob, did you make it work? I am facing some issues; it would be great if you share the sample working code. – unknown Mar 25 '21 at 06:03
  • You can find the working sample here: https://stackoverflow.com/questions/66811893/localstack-throws-the-security-token-included-in-the-request-is-invalid – unknown Mar 26 '21 at 12:50

2 Answers

15

Good question!
You could run localstack [1] inside a docker container. It mocks some of the AWS services for testing purposes. AWS Secrets Manager is supported at http://localhost:4584 by default.
There are some useful blog posts covering localstack. [2][3]

However, I could not find any blog post covering AWS Secrets Manager on localstack. I guess you have to try it out yourself.

References

[1] https://github.com/localstack/localstack
[2] https://medium.com/@andyalky/developing-aws-apps-locally-with-localstack-7f3d64663ce4
[3] https://medium.com/pareture/localstack-for-local-aws-dev-22775e483e3d

Martin Löper
  • 1
    Since the question is specific to Secrets Manager, it is worth noting that not all operations of AWS Secrets Manager are supported by Localstack at the moment. See [GitHub Issue with more details](https://github.com/localstack/localstack/issues/1002). I have had success with `createSecret` and `getSecretValue` operations. – frpet Mar 02 '20 at 19:09
  • 3
    After version 0.11.0, a unique URL http://localhost:4566 is shared by all services. The command `awslocal` can be used instead of `aws --endpoint-url=http://localhost:4566`. – Guillaume Vauvert Jan 29 '21 at 12:42
7

You can set up local AWS Secrets Manager inside LocalStack using the following command:

```bash
aws --endpoint-url=http://localhost:4566 secretsmanager create-secret --name my_secret --secret-string '[{"my_uname":"username","my_pwd":"password"}]'
```

Output:

```json
{
    "ARN": "arn:aws:secretsmanager:us-east-1:000000000000:secret:my_secret-denusf",
    "Name": "my_secret",
    "VersionId": "e168cdf1-5c94-493d-bafd-791779a7515d"
}
```

rajadilipkolli
  • 3
    Had to put the secret string in '' like this: `aws --endpoint-url=http://localhost:4566 secretsmanager create-secret --name my_secret --secret-string '[{"my_uname":"username","my_pwd":"password"}]'` – sandeepkunkunuru Dec 10 '21 at 12:00
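
An added example, not taken from either answer: a shell wrapper that starts LocalStack with only Secrets Manager published on loopback, then round-trips the `my_secret` value while refusing any endpoint that is not local, so test secrets and commands never reach real AWS. The container name `localstack-sm`, the function names and the dummy `test` credentials are assumptions; it expects Docker, the AWS CLI and a LocalStack release after 0.11.0 (single port 4566).

```shell
#!/bin/sh
# Added example. Endpoint defaults to the shared LocalStack port from the comments above.
ENDPOINT="${ENDPOINT:-http://localhost:4566}"

# Return 0 only for http://localhost:<port> or http://127.0.0.1:<port>.
is_local_endpoint() {
  port="${1#http://localhost:}"
  [ "$port" = "$1" ] && port="${1#http://127.0.0.1:}"
  [ "$port" != "$1" ] || return 1          # neither loopback prefix matched
  case "$port" in
    ''|*[!0-9]*) return 1 ;;               # empty or non-numeric port, e.g. "4566.example.com"
  esac
  return 0
}

# Start LocalStack with only Secrets Manager enabled.
# Binding to 127.0.0.1 keeps the mock endpoint off the network.
start_localstack() {
  docker run -d --rm --name localstack-sm \
    -p 127.0.0.1:4566:4566 -e SERVICES=secretsmanager localstack/localstack
}

# Run an "aws secretsmanager" subcommand against LocalStack only.
sm() {
  is_local_endpoint "$ENDPOINT" || {
    echo "refusing non-local endpoint: $ENDPOINT" >&2
    return 1
  }
  # Dummy credentials (constructed values): real access keys stay out of the test run.
  AWS_ACCESS_KEY_ID=test AWS_SECRET_ACCESS_KEY=test AWS_DEFAULT_REGION=us-east-1 \
    aws --endpoint-url="$ENDPOINT" secretsmanager "$@"
}

# Create the secret from the answer above and read it back.
# Single quotes stop the shell from touching the JSON.
round_trip() {
  sm create-secret --name my_secret \
    --secret-string '[{"my_uname":"username","my_pwd":"password"}]' >/dev/null &&
  sm get-secret-value --secret-id my_secret --query SecretString --output text
}

# Only act when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then
  start_localstack &&
  until sm list-secrets >/dev/null 2>&1; do sleep 1; done &&
  round_trip
fi
```

Stop the container with `docker stop localstack-sm` when finished; `--rm` discards it along with the test secrets.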