KMS Choice and Documentation
In this PR (built on #19 for simple merging):
- Added a Secret YAML tag class that supported custom KMS keys. I later added a SecureString class (and !SecureString tag) as a more memorable syntax for adding secrets (all backwards compatible with SecureTag).
- Converted all of the CLI commands to git equivalents. The only alias I left was for plan as I rarely use git in the CLI so status is not as obvious (to me) as clone, pull, and push.
- I updated the README to reflect all of the new changes. I thought it was important to warn people of the risks around paths (as discussed in #15) and strongly recommend measures to protect themselves.
- One of the recommended measures was to keep a local backup of the Parameter Store, but it's not a good idea to leave unencrypted secrets lying around so I added the SSM_NO_DECRYPT option.
  - Restoring encrypted parameters is not trivial, but should be rare enough that the added effort is offset by the ability to (securely) prevent data loss.
This will probably be my last PR for some time (unless I discover a bug or someone needs a behavior tweaked). I dove into this project so we could use it to migrate YAML configs to Parameter Store and continue to maintain those configs on Parameter Store. At this point, the project does enough of what we need to get back to the migration itself.
P.S. If you merge this PR, you'll get all of the improvements at once. I left them in separate and sequenced PRs so you'd have an easier time reviewing the change in the context of my PR comments.
If anyone wants to use the improved code before it gets merged (and hopefully updated on pip), they can point their requirements to the master branch of the ambsw/ssm-diff repo.
Any update on this PR?
Doesn't look like there's any action on this repo anymore. You can add my fork to your project directly... or we can work on getting it up onto PyPI (under a new name obviously).