AWS Parameter Store


This guide will show you how to set up automatic syncing of Doppler secrets to AWS Parameter Store.

Prerequisites

  • You have an AWS account with console access and are familiar with AWS Parameter Store.
  • Familiarity with AWS IAM is advantageous but not strictly required.

Authorization

Navigate to the project you would like to integrate, click Integrations from the Projects menu, then select AWS Parameter Store to begin the authorization process.

The first step is entering the AWS Key ID and Secret Access Key required by Doppler to sync secrets to the Parameter Store.

You can choose to enter credentials for an existing IAM user, or you can click the link above the text fields to create a new IAM user with the required permissions.

If you're using an existing IAM user, you can skip this step. Otherwise, once on the AWS IAM page, click the Create user button at the bottom right of the screen, then leave the following page open, as you'll need the credentials for the next step.

Paste in your AWS Key ID and Secret Access Key and click Connect to finish creating the connection to AWS.

Advanced: using a custom AWS IAM policy

If you'd prefer a custom IAM policy with only the permissions required by Doppler, you can use the following policy in JSON format to attach to a new or existing IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSSMAccess",
            "Effect": "Allow",
            "Action": [
                "ssm:PutParameter",
                "ssm:LabelParameterVersion",
                "ssm:DeleteParameter",
                "ssm:RemoveTagsFromResource",
                "ssm:GetParameterHistory",
                "ssm:AddTagsToResource",
                "ssm:GetParametersByPath",
                "ssm:GetParameters",
                "ssm:GetParameter",
                "ssm:DeleteParameters"
            ],
            "Resource": "*"
        }
    ]
}

Configuration

Now choose the config to sync, the AWS region, and optionally, the Path that acts as a prefix for the name of each secret synced. For example, a Path value of /your-app/production/ with a secret named API_KEY would result in a Parameter Store key of /your-app/production/API_KEY.
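An added example, not from Doppler's documentation: the custom policy above allows its actions on "Resource": "*", and this Python code narrows a copy of it to the parameters under the configured Path and audits a policy for wildcard resources or actions beyond the ten listed. The function names, the sample region and the placeholder account ID are assumptions, and this page does not say whether the sync needs access outside the prefix, so test the narrowed policy before relying on it.

```python
import copy

# Actions copied from the custom IAM policy on this page.
PAGE_ACTIONS = [
    "ssm:PutParameter", "ssm:LabelParameterVersion", "ssm:DeleteParameter",
    "ssm:RemoveTagsFromResource", "ssm:GetParameterHistory",
    "ssm:AddTagsToResource", "ssm:GetParametersByPath", "ssm:GetParameters",
    "ssm:GetParameter", "ssm:DeleteParameters",
]
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowSSMAccess", "Effect": "Allow",
                   "Action": list(PAGE_ACTIONS), "Resource": "*"}],
}

def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value)

def scope_policy(policy, region, account_id, path):
    """Copy `policy`, narrowing Resource "*" to parameters under `path`."""
    if not (path.startswith("/") and path.endswith("/") and "*" not in path):
        raise ValueError("path must look like /your-app/production/")
    # Parameter ARN: the hierarchical name follows "parameter" directly.
    arn = f"arn:aws:ssm:{region}:{account_id}:parameter{path}*"
    scoped = copy.deepcopy(policy)
    for stmt in scoped["Statement"]:
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt["Resource"]):
            stmt["Resource"] = arn
    return scoped

def audit(policy):
    """Return findings: wildcard resources and actions not on this page."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        extra = sorted(set(_as_list(stmt["Action"])) - set(PAGE_ACTIONS))
        if extra:
            findings.append(f"{stmt.get('Sid', '?')}: extra actions {extra}")
        if "*" in _as_list(stmt["Resource"]):
            findings.append(f"{stmt.get('Sid', '?')}: Resource is *")
    return findings

if __name__ == "__main__":
    # Sample region and placeholder account ID (assumptions, not from the page).
    scoped = scope_policy(PAGE_POLICY, "us-east-1", "123456789012",
                          "/your-app/production/")
    print(audit(PAGE_POLICY), audit(scoped), scoped["Statement"][0]["Resource"])
```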

Options

Save as Secure String
We recommend saving your Doppler secrets as Secure Strings. However, for services like CloudFormation, secure secrets are not supported. In that case, you can uncheck this box to save your secrets in plain text. We only recommend this for configuration variables.

Tags
The list of tags to be applied to each parameter resource.

Click Set Up Integration and Doppler will instantly sync your secrets to AWS! To confirm the integration is working correctly, you can view the synced secrets in Parameter Store by clicking the DESTINATION link.

👍

Amazing Work!

You've successfully set up the Doppler AWS Parameter Store integration! Every time you update your secrets in Doppler, we will automatically update them to AWS Parameter Store.

