Update:
Not sure when this happened, but this works as described now.
There is also an option in the Pipeline build action to set the secret directly.
Original Question:
I have an environment variable set for the secret-id, set inside the build phase of an AWS CodePipeline, e.g. $SECRET_ID.
I want to use it in the CodeBuild buildspec.yml to get a set of secrets from the Secrets Manager based on my environment. Is it possible to self-reference other variables in a buildspec file?
This is how I would have anticipated it would work, but it doesn't.
version: 0.2
env:
  secrets-manager:
    MY_SECRET: ${SECRET_ID}
phases:
  build:
    commands:
      - echo $MY_SECRET
I receive the following error in the build logs.
Secrets Manager Error Message: ValidationException: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@!
You simply need to reference it directly as key: secret-id, where:
- key (Required) The local environment variable name. Use this name to access the variable during the build.
- secret-id (Required) The name or Amazon Resource Name (ARN) that serves as a unique identifier for the secret. To access a secret in your AWS account, simply specify the secret name. To access a secret in a different AWS account, specify the secret ARN.

version: 0.2
env:
  secrets-manager:
    MY_SECRET: SECRET_ID
phases:
  build:
    commands:
      - echo $MY_SECRET
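Added example (not part of the question or the answer above): a small pre-flight lint for the env.secrets-manager section of a buildspec. It checks each value against the character set listed in the ValidationException quoted in the question, and flags values that still carry a $VAR or ${VAR} reference, which is what that error indicates: the secret-id is handed to Secrets Manager as written rather than expanded by a shell. The split of secret-id:json-key:version-stage:version-id, the assumption that a Secrets Manager ARN has seven colon-separated fields, and the sample mapping are all constructed for this example.

```python
import re

# Character set quoted in the ValidationException on this page:
# "alphanumeric characters, or any of the following: -/_+=.@!"
SECRET_NAME_RE = re.compile(r"^[A-Za-z0-9\-/_+=.@!]+$")

# An unexpanded shell-style reference such as $SECRET_ID or ${SECRET_ID}
SHELL_REF_RE = re.compile(r"\$\{?[A-Za-z_][A-Za-z0-9_]*\}?")

# Assumption: a Secrets Manager ARN has seven colon-separated fields
# (arn:aws:secretsmanager:region:account:secret:name). Taking those first
# keeps the ARN's own colons from being read as json-key/version separators.
ARN_FIELDS = 7


def split_secret_ref(value):
    """Split 'secret-id[:json-key[:version-stage[:version-id]]]' into
    (secret_id, [optional trailing parts])."""
    parts = value.split(":")
    if value.startswith("arn:"):
        return ":".join(parts[:ARN_FIELDS]), parts[ARN_FIELDS:]
    return parts[0], parts[1:]


def check_secret_ref(value):
    """Return the problem codes for one secrets-manager value (empty if OK).

    Codes:
      unexpanded-variable  the value still contains $VAR / ${VAR}
      invalid-secret-name  the secret-id is neither a plain name nor an ARN
      too-many-fields      more than json-key:version-stage:version-id follow
    """
    problems = []
    secret_id, rest = split_secret_ref(value)
    if SHELL_REF_RE.search(value):
        problems.append("unexpanded-variable")
    if not secret_id.startswith("arn:") and not SECRET_NAME_RE.match(secret_id):
        problems.append("invalid-secret-name")
    if len(rest) > 3:
        problems.append("too-many-fields")
    return problems


def lint_secrets_manager(secrets_manager):
    """Lint a buildspec env.secrets-manager mapping.
    Returns {env_var_name: [codes]} for entries that would fail."""
    report = {}
    for env_name, value in secrets_manager.items():
        problems = check_secret_ref(str(value))
        if problems:
            report[env_name] = problems
    return report


# Constructed sample: the question's failing entry plus two valid forms.
SAMPLE_SECRETS_MANAGER = {
    "MY_SECRET": "${SECRET_ID}",            # the failing case from the question
    "DB_PASSWORD": "prod/app/db:password",  # plain name with a json-key
    "API_KEY": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/app/api-AbCdEf:key",
}

if __name__ == "__main__":
    for name, codes in lint_secrets_manager(SAMPLE_SECRETS_MANAGER).items():
        print(f"{name}: {', '.join(codes)}")
```

Run it against the mapping before committing a buildspec; the unexpanded-variable code is the one that corresponds to the error in the question, since the value must already be a literal secret name or ARN at the time CodeBuild reads the file.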