The AWS Systems Manager Parameter Store provides secure method of secret management. You can store data such as passwords, database strings, and license keys as parameter values. These values can then be stored either as plain text or encrypted data. You can then reference values by using the unique name that you specified when you created the parameter. All of this is offered at no additional cost to you.
ClearCloud stores all instance credentials within this space due to its flexibility and security. Therefore, it is key to know how you can access, and decrypt, parameters stored in here.
There are two key ways to access SSM Parameters:
AWS CLI
Getting parameters, through the method is easy. Simply run:
aws ssm get-parameter --name "PARAMETER_NAME"
If you want to retrieve an encrypted parameter, add a `--with-decryption` flag. SSM will then automatically decrypt the parameter and will output the plain text value.
AWS Console
First, you will need to visit the AWS Systems Manager console page:
Once here, navigate to the Parameter Store. This option is found in the sidebar, towards the bottom.
Now that you are in the Parameter Store, you will be able to see a list of values, present within that particular region. Each region has it's own parameter store, so it's always best to double check you are in the correct one!
Once here, simply click on the name of the value you wish to retrieve.
Now that you have found the value, simply press "Show". This will decrypt the value and present itself within your web browser.
If you have any further questions, please feel free to reach out to a member of our team.