I have a Concourse environment deployed using BOSH. It is configured with AWS Secrets Manager.
The pipeline secret template is of the form /concourse/{{.Team}}/{{.Secret}}
I have a secret /concourse/team1/general created in AWS Secrets Manager (Other type of secrets) with the below value.
{
  "gitbranch": "master",
  "hello": "2",
  "general": "hi"
}
I have a Concourse pipeline hello-world.yml set in team1 team.
---
jobs:
- name: job
  public: true
  plan:
  - task: check-secret
    config:
      platform: linux
      image_resource:
        type: registry-image
        source: { repository: busybox }
      run:
        path: echo
        args: ["((general))"]
This pipeline outputs the value as
{"gitbranch":"master","hello":"2","general":"hi"}
But if I change the args (last line) in the pipeline to args: ["((general.gitbranch))"], then I get the below error
failed to interpolate task config: cannot access field 'gitbranch' of non-map value ('string') from var: general.gitbranch
Is it possible to access any of the key-value pairs in the secret from AWS Secrets Manager in the Concourse pipeline? If yes, how to do so?
Answering my own question.
By creating the secret using the CLI with the parameter --secret-binary, I was able to fetch the key-value pairs.
(Previously, I was creating the secret from the AWS console, which got created as a secret string.)
I used the below command to update my secret to create the secret as a binary.
b64key=$(base64 secrets.json)
aws secretsmanager update-secret \
  --secret-id /concourse/team1/general \
  --secret-binary "$b64key"
I found this using-aws-secrets-manager-with-concourse-ci and it was helpful in solving the issue.
If anyone knows a way to do this in console, kindly let me know.
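The behaviour reported in this thread, as a small Python model added here for illustration (it is not Concourse's code and not part of the original post). It assumes, consistent with the results above, that a SecretString is handed to the pipeline as one opaque string while a SecretBinary is decoded as JSON into a map; the function names and the two in-memory stores are hypothetical.

```python
import json

# Constructed sample: the secret value from the question.
SECRET_JSON = '{"gitbranch":"master","hello":"2","general":"hi"}'
PATH = "/concourse/team1/general"

# Stand-ins for GetSecretValue responses (constructed, no AWS call is made).
CONSOLE_STORE = {PATH: {"SecretString": SECRET_JSON}}          # created in the console
CLI_STORE = {PATH: {"SecretBinary": SECRET_JSON.encode()}}     # created with --secret-binary


def secret_path(team, name):
    """Expand the lookup template /concourse/{{.Team}}/{{.Secret}} from the page."""
    return f"/concourse/{team}/{name}"


def load_value(response):
    """Assumed rule: a string secret stays a string, a binary secret is parsed as JSON."""
    if response.get("SecretString") is not None:
        return response["SecretString"]
    return json.loads(response["SecretBinary"])


def resolve(var, team, store):
    """Resolve ((name)) or ((name.field)) against a store of secret responses."""
    name, _, field = var.partition(".")
    value = load_value(store[secret_path(team, name)])
    if not field:
        return value
    if not isinstance(value, dict):
        # Same condition that produces the interpolation error quoted in the question.
        raise TypeError(
            f"cannot access field '{field}' of non-map value ('string') from var: {var}"
        )
    return value[field]


if __name__ == "__main__":
    print(resolve("general", "team1", CONSOLE_STORE))          # whole JSON text
    print(resolve("general.gitbranch", "team1", CLI_STORE))    # single field
    try:
        resolve("general.gitbranch", "team1", CONSOLE_STORE)
    except TypeError as err:
        print(err)
```
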