Using Route53 as a Key Value Store in GitHub Actions

You all do know that AWS SSM Parameter Store exists, right? It’s literally a KV store explicitly for this purpose. Parameters are scoped by path, versioned, are have optional encryption at rest.<p>Like you’re using the AWS cli! It’s one call to <a href="https:&#x2F;&#x2F;docs.aws.amazon.com&#x2F;cli&#x2F;latest&#x2F;reference&#x2F;ssm&#x2F;get-parameter.html" rel="nofollow">https:&#x2F;&#x2F;docs.aws.amazon.com&#x2F;cli&#x2F;latest&#x2F;reference&#x2F;ssm&#x2F;get-par...</a> away.<p>It even has built in Ansible support <a href="https:&#x2F;&#x2F;docs.ansible.com&#x2F;ansible&#x2F;latest&#x2F;collections&#x2F;amazon&#x2F;aws&#x2F;aws_ssm_lookup.html" rel="nofollow">https:&#x2F;&#x2F;docs.ansible.com&#x2F;ansible&#x2F;latest&#x2F;collections&#x2F;amazon&#x2F;a...</a> and can values can be rendered in Cloudformation templates natively.<p>Too hard? Maybe try Chamber <a href="https:&#x2F;&#x2F;github.com&#x2F;segmentio&#x2F;chamber" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;segmentio&#x2F;chamber</a> It has support for multiple backends and can render secrets in lots of different formats.

Ha! This is a novel idea for KV storage. Even reasonably secure if it&#x27;s the private hosted zone used in the post.<p>I wonder if you used the public zone option and did the nslookup as specified if you&#x27;d run into wrong or empty state while it propagates (assuming you need the value shortly after it&#x27;s stored). Either way, using the awscli would pull it write away so it wouldn&#x27;t matter.<p>Anyway, cool idea!

Very hacky -- in both a good sense and a bad sense.<p>Seems like there are tons of SaaS &amp; cloud service offerings which could be overloaded to do this. Eg, why not just use resource Tags in AWS? they are key&#x2F;value pairs. Or, why not put your key-values in a json file and store them as a GitHub workflow artifact? etc......

You are crazy! You have my admirations.

Yep.