forked from MoneyLion/bitrise-step-aws-secrets-manager
-
Notifications
You must be signed in to change notification settings - Fork 0
/
step.yml
112 lines (89 loc) · 3.16 KB
/
step.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
title: Fetch secrets from AWS Secrets Manager
summary: Fetch secrets from AWS Secrets Manager
description: |
This Step fetches secrets on-demand from AWS Secrets Manager, during Bitrise workflow execution.
The fetched secrets are then propagated into subsequent steps in the workflow.
This step can detect if it should parse the SecretString as JSON or as regular text. No extra configuration required.
Include this Step in your workflow, for example:
```yaml
workflows:
foo:
steps:
inputs:
- aws_access_key_id: $AWS_ACCESS_KEY_ID
- aws_secret_access_key: $AWS_SECRET_ACCESS_KEY
- aws_default_region: a-region-1
- secret_list: |
arn:aws:secret-1 # username # USERNAME
arn:aws:secret-2 # password # PASSWORD
- script@1:
inputs:
- content: |
#!/bin/bash
#
# Access your secrets via $USERNAME and $PASSWORD
```
Checkout the main repository README for more usage guide.
website: https://github.com/MoneyLion/bitrise-step-aws-secrets-manager
source_code_url: https://github.com/MoneyLion/bitrise-step-aws-secrets-manager
support_url: https://github.com/MoneyLion/bitrise-step-aws-secrets-manager/issues
type_tags:
- utility
is_requires_admin_user: true
is_always_run: false
is_skippable: false
toolkit:
go:
package_name: moneylion.com/security/bitrise-step-aws-secrets-manager
inputs:
- aws_access_key_id: ''
opts:
title: AWS access key ID
summary: AWS access key ID.
description: AWS access key ID.
is_sensitive: true
- aws_secret_access_key: ''
opts:
title: AWS secret access key
summary: AWS secret access key.
description: AWS secret access key.
is_sensitive: true
- aws_default_region: ''
opts:
title: AWS region
summary: AWS region to operate in.
description: AWS region to operate in.
- aws_profile: ''
opts:
title: AWS named profile
summary: An AWS named profile in shared configuration file.
description: An AWS named profile in shared configuration file.
- aws_iam_role_arn: ''
opts:
title: AWS IAM role ARN
summary: The ARN of AWS IAM role to assume.
description: The ARN of AWS IAM role to assume.
- secret_list:
opts:
title: Secret list
summary: A list of secrets to fetch.
description: |
A newline separated list of secrets to fetch from AWS Secrets Manager.
Each line is in the form of:
```
<Secret ARN> # <JSON object key> # <Environment variable>
```
For example, given the secret with an ARN `arn:aws:secret-1`, and a secret value:
```
{
"username": "admin",
"password": "str0ngpassword"
}
```
Specifying this line in the secret list:
```
arn:aws:secret-1 # username # USERNAME
```
Fetches the secret, retrieves the JSON value under the key `username`, and store that value in the `USERNAME` environment variable. `$USERNAME` will now contain the value `admin`.
is_required: true