In a recent series of blog posts, I drew up how to go from a basic StackStorm installation and pack deployed using Ansible, to moving that entire custom deployment to a one-touch cloud deployment using BitOps while only modifying a handful of files in the process.

We only barely scratched the surface of our implementation, and we can always go further. One aspect I tried to be mindful of throughout the guides was the various ways of managing of secrets. In this guide we will detail how we can utilize an AWS Key Management Service (KMS) key as well as AWS Systems Manager (SSM) and Parameter Store to take that a step further.

In practical terms: we'll create a BitOps before hook script we use to retrieve all of the secret variables we need from AWS, and demonstrate how we can load those into the BitOps container environment for usage within our existing Ansible StackStorm playbook.

Last time, we had refactored our basic one-line install of StackStorm and our custom pack into an Ansible playbook. The Ansible playbook works well enough on its own but still requires us to already have a server setup for Ansible to execute the playbook on. What if we didn't need that pre-existing server and were able to on-the-fly provision one for our playbook? This arena is where Infrastructure-as-Code (IAC) initiatives really shine and where I would now like to introduce BitOps.

This is the second part in a StackStorm tutorial series:

• Part 1: DevOps Automation using StackStorm - Getting Started
• Part 2: DevOps Automation using StackStorm- Deploying with Ansible
• Part 3: DevOps Automation using StackStorm - Cloud Deployment via BitOps
• Part 4: DevOps Automation using StackStorm - BitOps Secrets Management

To complete this tutorial you will need:

• ansible
• A Linux server with basic internet connectivity

If you prefer skipping ahead to the final solution, the code created in this tutorial is on Github.

---

Event driven DevOps automation is a concept based around listening for desired events and then performing a task in response. There are a wide variety of applications for the event driven 'cause and effect' relationship in both personal and enterprise environments.

In the home, upon returning  from shopping when your cellphone is detected on the network, you may want your WiFi enabled lights to come on automatically to a desired brightness depending on the time of day.

In the office, when a crucial system's data store is reaching capacity we may want to send an alert and create a Jira ticket to track remediation.

The question remains, how, or what do we use to 'listen' for these events?

Enter, StackStorm.