Skip to main content

Configure Stores

Atmos supports the concept of remote stores to facilitate the sharing of values between components or between some external process and a component. In atmos, values are saved to stores via hooks and are read using the !store yaml function. Values can also be saved to stores from outside of atmos, for example, from a CI/CD pipeline or a script.

Currently, the following stores are supported:

Atmos stores are configured in the atmos.yaml file and available to use in stacks via the store YAML function.

CLI Configuration

All of these settings should be configured in the Atmos CLI Configuration found in atmos.yaml.

Artifactory

stores:
  dev/artifactory:
    type: artifactory
    options:
      url: https://mydevartifactory.jfrog.io/artifactory
      repo_name: tfsharedstore

  prod/artifactory:
    type: artifactory
    options:
      url: https://myprodartifactory.jfrog.io/artifactory
      repo_name: tfsharedstore
      access_token: !env PROD_JFROG_ACCESS_TOKEN
stores.[store_name]
This map key is the name of the store. It must be unique across all stores. This is how the store is referenced in the store function.
stores.[store_name].type
Must be set to artifactory
stores.[store_name].options
A map of options specific to the store type. For Artifactory, the following options are supported:
stores.[store_name].options.access_token (optional)
An access token to use for authentication. This is not recommended as it is less secure than using the JFROG_ACCESS_TOKEN or ARTIFACTORY_ACCESS_TOKEN environment variables. See Authentication below for more information.
stores.[store_name].options.prefix (optional)
A prefix path that will be added to all keys stored or retreived from SSM Parameter Store. For example if the prefix is /atmos/infra-live/, and if the stack is plat-us2-dev, the component is vpc, and the key is vpc_id, the full path would be /atmos/infra-live/plat-us2-dev/vpc/vpc_id.
stores.[store_name].options.repo_name (required)
The name of the Artifactory repository to use.
stores.[store_name].options.url (required)
The URL of the Artifactory instance.

Authentication

The Artifactory store supports using an access token for authentication. The access token can be set directly in the atmos.yaml or via the JFROG_ACCESS_TOKEN or ARTIFACTORY_ACCESS_TOKEN environment variables.

NOTE: It is not recommended to set the access token in plain text in atmos.yaml as it is not secure. Specifying the access token via config is allowed so that you can support the use case where you have multiple Artifactory stores in atmos.yaml and you need to specify different access tokens for each. In this case, you can use the !env YAML function to set the access token from an environment variable.

AWS SSM Parameter Store

stores:
  prod/ssm:
    type: aws-ssm-parameter-store
    options:
      region: us-east-2
stores.[store_name]
This map key is the name of the store. It must be unique across all stores. This is how the store is referenced in the store function.
stores.[store_name].type
Must be set to aws-ssm-parameter-store
stores.[store_name].options
A map of options specific to the store type. For AWS SSM Parameter Store, the following options are supported:
stores.[store_name].options.prefix (optional)
A prefix path that will be added to all keys stored or retreived from SSM Parameter Store. For example if the prefix is /atmos/infra-live/, and if the stack is plat-us2-dev, the component is vpc, and the key is vpc_id, the full path would be /atmos/infra-live/plat-us2-dev/vpc/vpc_id.
stores.[store_name].options.region (required)
The AWS region to use for the SSM Parameter Store.

Authentication

The AWS SSM Parameter Store supports the standard AWS methods for authentication and the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN environment variables.