Extension SSM Config

Extension Basics

Title	SSM Config
Name	ckanext-ssm-config
Type	Public extension
Description	CKAN extension to interpolate config values from Amazon SSM Parameter Store, enabling secure secrets management for CKAN deployments.
CKAN versions	~2.9,~2.10,~2.11 Show details These CKAN Versions are exactely matched: 2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.10.5 2.10.6 2.10.7 2.10.8 2.10.9 2.11.0 2.11.1 2.11.2 2.11.3 2.11.4 2.12.0 2.9.0 2.9.0a 2.9.1 2.9.10 2.9.11 2.9.13 2.9.2 2.9.3 2.9.4 2.9.5 2.9.6 2.9.7 2.9.8 2.9.9
Download-Url (zip)	https://github.com/qld-gov-au/ckanext-ssm-config.git#egg=ckanext-ssm-config
Last commit	10 months ago (2025-04-22 08:04:52)
Url to repo	https://github.com/qld-gov-au/ckanext-ssm-config
Category	Cloud Infrastructure & Storage

Background Infos

Description (long)	Show details ckanext-ssm-config CKAN extension to interpolate config values from Amazon SSM Parameter Store. Useful for managed environments where secrets (Beaker session key, XLoader tokens, reCAPTCHA keys) should be stored outside config management. Features Placeholder syntax: `${ssm:/path/to/value}` or `{{ssm:/path/to/value}}` Fallback values: `{{ssm:/path/to/value:default_value}}` Auto-load all SSM parameters under a prefix into CKAN config (slashes converted to dots) Runtime resolution of config values from AWS Parameter Store Requirements CKAN 2.9, 2.10, 2.11, or master (2.12) boto3 IAM permissions for `ssm:GetParameter`, `ssm:GetParameters`, `ssm:GetParametersByPath` Installation Activate your CKAN virtual environment. Install from PyPI: `pip install ckanext-ssm-config` Add `ssm_config` to the `ckan.plugins` setting in your CKAN config file. Config settings `ckanext.ssm_config.region_name = ap-southeast-2 ckanext.ssm_config.prefix = /ckan/production/ ckanext.ssm_config.aws_access_key_id = YOUR_KEY ckanext.ssm_config.aws_secret_access_key = YOUR_SECRET` Usage example in ckan.ini: `beaker.session.secret = ${ssm:/ckan/beaker_session_secret} ckanext.xloader.api_token = {{ssm:/ckan/xloader_token:default_token}}` Note: DB passwords cannot be handled since they are read before the plugin loads. Developed for data.qld.gov.au and publications.qld.gov.au. License AGPL-3.0
Version	0.1.1
Version release date	2025-04-22
Contact name	Queensland Government
Contakt email	(not set)
Contact Url	(not set)

Installation Guide

Configuration hints	Requires boto3 and IAM permissions for SSM access. DB passwords cannot be handled as they are read before plugin loads.
Plugins to configure (ckan.ini)	ssm_config
CKAN Settings (ckan.ini)	`# ckanext.ssm_config.region_name = ap-southeast-2 # ckanext.ssm_config.prefix = /ckan/production/ # ckanext.ssm_config.aws_access_key_id = YOUR_KEY # ckanext.ssm_config.aws_secret_access_key = YOUR_SECRET`
DB migration to be executed	(not set)

<< back to Extensions