forked from newrelic/nri-flex
-
Notifications
You must be signed in to change notification settings - Fork 0
/
aws-kms-secret-decrypt-and-sub.yml
41 lines (41 loc) · 2.21 KB
/
aws-kms-secret-decrypt-and-sub.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
### kms secret example
---
integrations:
- name: nri-flex
# interval: 30s
config:
name: awskmsExample
secrets:
myawskey: # specify a namespace for your key
kind: aws-kms # set kind of secret
region: ap-southeast-2 # region required
### can specify your own credential and/or config file
# credential_file: "./myAWSCredentialFile"
# config_file: "./myAWSConfigFile"
### need to set one of three options, http, file, or data to decrypt
http:
url: https://some-special-s3-bucket.s3-ap-southeast-2.amazonaws.com/some.file ### download a file containing a secret
### other optional configuration for http
# headers:
# myHeader: ABC
# tls_config:
# insecure_skip_verify: true
# ca: "./pathToCa"
# file: ./some.file ### path to file
# data: AQICAHgdUAUlK7RGdwKFdBCTfRCsNk3oNtTv7FWsrP5VgoCFUgHPmcKgBpjzi7sdnDvV+RipAAAAZzBlBgkqhkiG9w0BBwagWDBWAgEAMFEGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMDUJMrVgA36DJmdflAgEQgCQIlM5F0zpUbH0MgWUskXjb4GJmAOvLgJUkMf5SJDmE2sceuCs=
### the exact returned value will be accessible via ${secret.<namespace>:value} eg. ${secret.myawskey:value}
### if you want to unpack the decrypted contents further, set a "type"
### if the type is set to json, the json attributes will become available to select
### eg. {"abc":"def"} returned the "def" value can be accessed by setting ${secret.myawskey:abc} and "def" will be substituted in
### likewise if you have a value that is split by equals that looks like "abc=def" or even "abc=def,hello=hi"
### ${secret.myawskey:abc} will be substituted to "def" and ${secret.myawskey:hello} will be substituted "hi"
type: equal
custom_attributes: # applies to all apis
myCustAttr: myCustVal
apis:
- event_type: awskmsExample
url: https://jsonplaceholder.typicode.com/todos/1
custom_attributes:
nestedCustAttr: nestedCustVal # nested custom attributes specific to each api
secretFull: ${secret.myawskey:value} #
secretOther: ${secret.myawskey:hello} #