Reading this I am confused about what exactly this is meant to solve as well.
Given that services like Lambda and ECS are already set up to pull from Secrets Manager natively and provide the value as an environment variable, what is the threat model that this is actually going to solve? At best it seems like security through obscurity: it removes the low-hanging fruit of looking at ENV, but if your application has the rights to use this, then if someone gets into your container they can still get your secret.
What am I missing about the big advantage of this and why it was made?
The motivation is in the project’s readme, down at the bottom.
The tl;dr is that this is for legacy software where you can make HTTP calls to retrieve a secret, but for some reason cannot use the AWS SDK. If you can use the SDK, you should use that instead of this proxy.