Yea it’s a good complement to those tools too, but for plain compliance mods, use flowpipe powerpipe. Steampipe is more of a realtime view of resources, where wiz and orca are more scanners with state. You can kind of mimik it with steampipe but it’s a lot of extra work. Credentials handling is entirely dependent on the plugin being used. So use a wrapper to pull whatever info from your secrets store (vault, sops, etc) and inject it in your local env/configs
Sorry, I don’t. I learned by using. It’s like any other tool, play with it, and look at the code and docs. What’s your use case? From the sound of it, it’s more a config managment issue than steampipe issue. I can try and help. Also they are active on slack and respond to bugs pretty quick in my experience.
Depends on the plugin used, but you can tool it up to use env variables or whatever the plugin supports, you can also change perms locally or host it in service mode with no direct access other than a postgres connection, it’s postgres under the hood so you can add roles etc if you want. I use a wrapper to generate configs/envs on startup pulling from ssm parameters or secrets on Aws
Sorry I’m new to lemmy, didn’t see the screenshot, Yea if it’s static creds locally I would use something simple like 1pass or sops and just make a wrapper to pull the data (after authenticating) and populate the needed environment variables. But if you have multiple connections with the same plugin it won’t work. So you need to get creative on setting up per connection settings. Usually for that it’s still stored in a secure storage but the config is rendered on startup using some simple bash or templating. The real advantage of steampipe for me is the aggregated connections, searching all Aws accounts for a resource Or dumping all r53 records with a simple query is a godsend. And adding tooling like redash make it even easier to drill down and share data