morten/with-ssm
1
0
Fork 0
mirror of https://github.com/morten-olsen/with-ssm.git synced 2026-02-08 00:46:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: morten:efa489d524f7ba1597d41110492c483da409f40f
Branches Tags
morten:main
morten:0.1.14 morten:0.1.13 morten:0.1.12 morten:0.1.11 morten:0.1.10 morten:0.1.9 morten:0.1.8 morten:0.1.7 morten:0.1.6 morten:0.1.5 morten:0.1.4 morten:0.1.3 morten:0.1.2 morten:0.1.1 morten:0.1.0
...
compare: morten:0.1.4
Branches Tags
morten:main
morten:0.1.14 morten:0.1.13 morten:0.1.12 morten:0.1.11 morten:0.1.10 morten:0.1.9 morten:0.1.8 morten:0.1.7 morten:0.1.6 morten:0.1.5 morten:0.1.4 morten:0.1.3 morten:0.1.2 morten:0.1.1 morten:0.1.0

1 Commits
efa489d524 ... 0.1.4

Author SHA1 Message Date
Morten Olsen
64f6f6df6a docs: add compare section 2025-08-08 15:14:36 +02:00
1 changed files with 47 additions and 0 deletions
Expand all files Collapse all files

47
README.md
View File

@@ -173,3 +173,50 @@ with-ssm -- docker-compose up
# Deploy with production secrets
with-ssm --profile production -- npm run deploy
```
## How does `with-ssm` compare to...?
`with-ssm`'s philosophy is to be a lightweight utility that enhances your
existing workflow, not a heavy framework that replaces it. Heres how it
compares to other tools.
### vs. `.env` files & `dotenv`
`with-ssm` is a security upgrade for the `dotenv` pattern. Instead of storing
secrets in plaintext `.env` files, you store secure `SSM:` references that are
safe to commit to version control. Your app gets the secrets it needs at
runtime, but they never live on your disk, giving you the same simple developer
experience with a major security boost.
### vs. `aws-vault`
These tools are complementary and solve different problems. `aws-vault` securely
manages your local AWS _credentials_, while `with-ssm` uses those credentials to
fetch and inject application _secrets_. They work perfectly together—use
`aws-vault` to handle authentication and `with-ssm` to handle secret resolution:
`aws-vault exec my-profile -- with-ssm -- npm start`.
### vs. `chamber`
`chamber` is a more powerful CLI for the full lifecycle of secret management
(reading, writing, listing), while `with-ssm` is a lightweight utility focused
only on resolving secret references from a file. Choose `with-ssm` for its
"drop-in" simplicity and zero-config approach to enhance an existing `.env`
workflow; choose `chamber` if you need a more comprehensive command-line tool
for advanced SSM tasks.
### vs. Cloud-Native Integrations (ECS, Lambda)
`with-ssm` is built for **local development and CI/CD**, allowing your local
environment to securely mirror production. When your code is running _inside_ an
AWS environment like ECS or Lambda, you should always use the native best
practice: grant the service an IAM role to fetch secrets directly via the AWS
SDK.
### vs. Full Secret Management Platforms (HashiCorp Vault, Doppler)
Platforms like Vault or Doppler are comprehensive, often multi-cloud solutions
with their own UIs and infrastructure. `with-ssm` is a focused, AWS-native
utility, not a platform. It's the ideal choice for teams already using AWS who
want a simple, direct way to leverage SSM Parameter Store without the
operational overhead of a separate service.