A lightweight and read-only implementation of the credstash client. Now you can read your KMS encrypted data directly from DynamoDB into your Scala code.
- Only works with up to version 1.11 of Credstash
- Alternatively, you can take a look at my other library, https://github.com/kdrakon/scala-aws-params-reader
- As credstash utilises 128 bit AES encryption, your Java runtime needs the JCE Unlimited Strength Jurisdiction Policy Files or not be limited by it.
- The necessary configuration needed for credstash (AWS credentials, KMS, a DynamoDB, etc.). See their dependencies listing and setup guide here.
Create a SimpleCredStashClient using AWS' KMS and DynamoDB clients:
val creds = new DefaultAWSCredentialsProviderChain() val kmsClient: AWSKMSClient = new AWSKMSClient(creds).withRegion(Region.getRegion(Regions.AP_SOUTHEAST_2)) val dynamoClient: AmazonDynamoDBClient = new AmazonDynamoDBClient(creds).withRegion(Region.getRegion(Regions.AP_SOUTHEAST_2)) val credstash = SimpleCredStashClient(kmsClient, dynamoClient)
You can then read a String value or other type using a custom CredStashValueReader:
val password = credstash.get("password") import io.policarp.scala.credstash.reader.Readers._ val timeout = credstash.as[Int]("timeout")