diff --git a/README.md b/README.md index b2b7ad9..6e45d60 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,8 @@ This command line utility automates the storage of encrypted secrets in [DynamoD 1. Add and configure a KMS key in IAM with the alias `credstash`, ensure this is created in the correct region as the user interface for this is quite confusing. 2. Run `unicreds setup` to create the dynamodb table in your region, ensure you have your credentials configured using the [awscli](https://aws.amazon.com/cli/). +NOTE: It is really important to tune DynamoDB to your read and write requirements if your using unicreds with automation! + # usage ``` diff --git a/cmd/unicreds/main.go b/cmd/unicreds/main.go index 3e08ea9..95241a7 100644 --- a/cmd/unicreds/main.go +++ b/cmd/unicreds/main.go @@ -26,7 +26,9 @@ var ( encContext = encryptionContext(app.Flag("enc-context", "Add a key value pair to the encryption context.").Short('E')) // commands - cmdSetup = app.Command("setup", "Setup the dynamodb table used to store credentials.") + cmdSetup = app.Command("setup", "Setup the dynamodb table used to store credentials.") + cmdSetupRead = cmdSetup.Flag("read", "Dynamo read capacity.").Default("4").Int64() + cmdSetupWrite = cmdSetup.Flag("write", "Dynamo write capacity.").Default("4").Int64() cmdGet = app.Command("get", "Get a credential from the store.") cmdGetName = cmdGet.Arg("credential", "The name of the credential to get.").Required().String() @@ -73,7 +75,7 @@ func main() { switch command { case cmdSetup.FullCommand(): - err := unicreds.Setup(dynamoTable) + err := unicreds.Setup(dynamoTable, cmdSetupRead, cmdSetupWrite) if err != nil { printFatalError(err) } diff --git a/ds.go b/ds.go index 62f9d0c..29722f4 100644 --- a/ds.go +++ b/ds.go 
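Review bot: The new `--read` and `--write` flags on `cmdSetup` are named and described too loosely for a secrets tool, where "read" and "write" are easily taken for access permissions rather than throughput. I would name them for what they set and state the unit and lower bound in the help text, e.g. `cmdSetup.Flag("read-capacity", "Provisioned DynamoDB read capacity units for the credential table (minimum 1).").Default("4").Int64()`, and the same for write. The default also moves from the previously hard-coded 1 (see the ds.go hunk) to 4, which raises the provisioned cost for anyone running `unicreds setup` without flags; that deserves a line next to the README note. The values are handed to `unicreds.Setup` unchanged in the second main.go hunk.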
@@ -104,7 +104,7 @@ func (slice ByName) Less(i, j int) bool { } // Setup create the table which stores credentials -func Setup(tableName *string) (err error) { +func Setup(tableName *string, read *int64, write *int64) (err error) { log.Debug("Running Setup") _, err = dynamoSvc.CreateTable(&dynamodb.CreateTableInput{ @@ -129,8 +129,8 @@ func Setup(tableName *string) (err error) { }, }, ProvisionedThroughput: &dynamodb.ProvisionedThroughput{ - ReadCapacityUnits: aws.Int64(1), - WriteCapacityUnits: aws.Int64(1), + ReadCapacityUnits: read, + WriteCapacityUnits: write, }, TableName: tableName, }) diff --git a/ds_test.go b/ds_test.go index 28b874b..f97291c 100644 --- a/ds_test.go +++ b/ds_test.go @@ -15,8 +15,10 @@ import ( ) var ( - tableName = "credential-store" - dsPlainText = []byte{ + tableName = "credential-store" + readCapacity = int64(4) + writeCapacity = int64(4) + dsPlainText = []byte{ 0x6a, 0xcf, 0xeb, 0xd6, 0xe9, 0xa6, 0x19, 0xc1, 0x38, 0xb9, 0xfc, 0x2d, 0x53, 0x23, 0x4d, 0x78, 0x85, 0x48, 0x96, 0xd6, 0xd2, 0xf6, 0xf4, 0x42, @@ -61,7 +63,7 @@ func TestSetup(t *testing.T) { dsMock.On("DescribeTable", mock.AnythingOfType("*dynamodb.DescribeTableInput")).Return(dto, nil) - err := Setup(&tableName) + err := Setup(&tableName, &readCapacity, &writeCapacity) assert.Nil(t, err) }
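Review bot: `Setup` now places the caller's `read` and `write` pointers straight into `ProvisionedThroughput` (second ds.go hunk) without checking them, so a nil pointer or a value below 1 is presumably rejected only by the `CreateTable` call itself, with an error that does not point at the argument. Since `Setup` is exported and the CLI accepts any int64, a guard at the top would fail early: `if read == nil || write == nil || *read < 1 || *write < 1 { return errors.New("read and write capacity must be at least 1") }` (assuming `errors` or an equivalent is available in ds.go, whose imports are outside the hunk). The doc comment should also name the new parameters, e.g. `// Setup creates the table which stores credentials, provisioned with the given read and write capacity units.` The rest of Setup's body lies outside these hunks.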
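Review bot: `TestSetup` only asserts that `Setup` returns nil, so it would still pass if the new capacity arguments were dropped or swapped before reaching DynamoDB. The `CreateTable` expectation is outside this hunk; if it matches with `mock.AnythingOfType` like the visible `DescribeTable` one, consider matching on the input instead, e.g. `mock.MatchedBy(func(in *dynamodb.CreateTableInput) bool { return *in.ProvisionedThroughput.ReadCapacityUnits == readCapacity && *in.ProvisionedThroughput.WriteCapacityUnits == writeCapacity })`. Giving `readCapacity` and `writeCapacity` different values would make a swap visible.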