Migration from AWS Secrets Manager
Migrate secrets from AWS Secrets Manager to QNSP.
Migration from AWS Secrets Manager
Migrate secrets from AWS Secrets Manager to QNSP.
Prerequisites
- AWS CLI configured
- QNSP CLI configured
- IAM permissions for Secrets Manager
Migration steps
1. List secrets
aws secretsmanager list-secrets --query 'SecretList[].Name'
2. Export secrets
#!/bin/bash
for secret in $(aws secretsmanager list-secrets --query 'SecretList[].Name' --output text); do
aws secretsmanager get-secret-value \
--secret-id "$secret" \
--query 'SecretString' \
--output text > "exports/$secret.json"
done
3. Import to QNSP
Import secrets by creating them via the Vault API or the Vault SDK.
Automated migration
Automated migration tooling is not shipped in this repo.
Rotation configuration
AWS Secrets Manager rotation needs reconfiguration:
{
"rotation": {
"enabled": true,
"schedule": "rate(30 days)"
}
}
Application updates
Update applications to use QNSP SDK:
// Before (AWS SDK)
const secret = await secretsManager.getSecretValue({SecretId: 'my-secret'});
// After (QNSP SDK)
// Use the Vault SDK and request secret values by ID.