Secrets Management Command tool
This command-line tool enables you to get secrets from the following:
More on Datadog secret management can be found here.
This tool is written in Go (Golang). More on Go can be found in the links below:
You can run the backendCommand as shown below, depending on which cloud provider you use:
Once the code is compiled, you should have an executable file named secretBackendCommand.exe.
You need to make sure the Datadog Agent has permission to execute the secretBackendCommand.exe file.
The secretBackendCommand expects the following arguments to be passed in for proper execution.
- Azure
  - secretbackendCommand azure YOUR_SECRET_NAME
- AWS
  - secretbackendCommand aws YOUR_SECRET_NAME AWS_REGION
How to:
- Compile the code?
  - git clone the repository
  - make sure the git environments are set for the dest OS
  - run "go build src/secretBackendCommand.go" within the secretmanager folder
- Set permissions to access the secrets by the command?
- Add backendCommand arguments to the Datadog agent?
  - you can add the arguments in the secret_backend_arguments section of the datadog.yaml file
Questions:
- Do the host and the secrets need to be in the same region or VPS?
  - Not necessarily; credentials can be set to access secrets from anywhere outside the VPS.
- What platforms can I run the backendCommand on?
  - Go can run on many platforms, including but not limited to Windows, Linux, and Mac OS.
Troubleshooting:
- Getting permission errors from the Datadog agent
  - You need to make sure the Datadog agent is the OWNER of the secretBackendCommand and is the ONLY one with read and execute permissions on the file.
    - Windows:
      - Right-click on the file and go to Properties -> Security -> Advanced. Make sure the ddagentuser user is the only account that has access to the file (the system account and the Administrator group can also have permission).
    - Linux:
      - Run the following commands after changing SECRETBACKEND_FILENAME accordingly.
        - chown dd-agent SECRETBACKEND_FILENAME
        - chmod 700 SECRETBACKEND_FILENAME
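To confirm the Linux ownership and mode described above before restarting the agent, the check below can be run against the compiled binary. It is an added example, not part of this repository; it assumes GNU coreutils `stat`, and the helper name `check_backend_perms` is hypothetical.

```shell
#!/bin/sh
# Added example: audit the owner and mode the troubleshooting section asks for.
# Assumes GNU coreutils stat (Linux). check_backend_perms is a hypothetical name.
#
# Usage: check_backend_perms FILE [OWNER]   (OWNER: user name or numeric uid)
# Returns 0 when FILE is a regular file owned by OWNER, the owner can read and
# execute it, and group/other have no access. Otherwise reports and returns 1.
check_backend_perms() {
    file=$1
    owner=${2:-dd-agent}
    rc=0

    # A symlink or missing file cannot be trusted as the backend command.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file" >&2
        return 1
    fi

    # Resolve OWNER to a uid; a purely numeric value is used as-is.
    case $owner in
        ''|*[!0-9]*)
            want_uid=$(id -u "$owner" 2>/dev/null) || {
                echo "FAIL: unknown user $owner" >&2; return 1; } ;;
        *)  want_uid=$owner ;;
    esac

    have_uid=$(stat -c '%u' "$file")
    mode=$(stat -c '%a' "$file")     # octal digits, e.g. 700 or 755
    perm=$((0$mode))                 # leading 0 makes the shell read it as octal

    if [ "$have_uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $have_uid, expected $want_uid ($owner)" >&2
        rc=1
    fi
    # Any bit in 077 means group or other can read, write or execute.
    if [ $(( perm & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode grants group/other access; use chmod 700" >&2
        rc=1
    fi
    # The owner needs both read (0400) and execute (0100).
    if [ $(( perm & 0500 )) -ne $(( 0500 )) ]; then
        echo "FAIL: mode $mode lacks owner read/execute; use chmod 700" >&2
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file (uid $have_uid, mode $mode)"
    return "$rc"
}
```

Source the file and call `check_backend_perms SECRETBACKEND_FILENAME`; the owner defaults to `dd-agent`.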