 

AWS CodeBuild secrets-manager config with environment variable

Update:

Not sure when this happened, but this works as is described now.

As well as an option in the Pipeline build action to set the secret directly.

secrets-manager


Original Question:

I have an environment variable set for the secret-id set inside the build phase of an AWS CodePipeline, e.g. $SECRET_ID.

I want to use it in the CodeBuild buildspec.yml to get a set of secrets from the Secrets Manager based on my environment. Is it possible to self-reference other variables in a buildspec file?

This is how I would have anticipated it would work, but it doesn't.

version: 0.2

env:
  secrets-manager:
    MY_SECRET: ${SECRET_ID}

phases:
  build:
    commands:
      - echo $MY_SECRET

I receive the following error in the build logs.

Secrets Manager Error Message: ValidationException: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@!

hyperdrive asked Jan 22 '20 19:01



1 Answers

You simply need to reference it directly. as : where -

(Required) The local environment variable name. Use this name to access the variable during the build. (Required) The name or Amazon Resource Name (ARN) that serves as a unique identifier for the secret. To access a secret in your AWS account, simply specify the secret name. To access a secret in a different AWS account, specify the secret ARN.

version: 0.2

env:
  secrets-manager:
    MY_SECRET: SECRET_ID

phases:
  build:
    commands:
      - echo $MY_SECRET

pranayC answered Sep 18 '22 00:09
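A pre-flight check for the error quoted in the question, as an added example that is not part of the original question or answer: it validates a `secrets-manager` value against the character set named in the `ValidationException`, which shows why a literal `${SECRET_ID}` is rejected, and it can resolve the reference from the environment first. The function names and sample secret names are hypothetical, and it assumes the value reached Secrets Manager unexpanded when the error was raised.

```python
import re
from string import Template

# Character set quoted in the ValidationException on this page.
ALLOWED = r"A-Za-z0-9\-/_+=.@!"
NAME_RE = re.compile(rf"^[{ALLOWED}]+$")


def split_secret_ref(ref):
    """Split '<secret-id>[:json-key[:version-stage[:version-id]]]' into (id, rest)."""
    parts = ref.split(":")
    if parts[0] == "arn":  # a Secrets Manager ARN has 7 colon-separated fields
        return ":".join(parts[:7]), parts[7:]
    return parts[0], parts[1:]


def validate_secret_ref(ref):
    """Return None if the secret name is acceptable, else a description of the problem."""
    secret_id, _ = split_secret_ref(ref)
    name = secret_id.split(":")[-1]  # for an ARN, check only the name field
    if not name:
        return "empty secret name"
    if not NAME_RE.match(name):
        bad = "".join(sorted(set(re.sub(rf"[{ALLOWED}]", "", name))))
        return f"invalid characters in secret name: {bad}"
    return None


def resolve_and_validate(ref, env):
    """Expand $VAR / ${VAR} from env, then validate. Returns (resolved, problem)."""
    try:
        resolved = Template(ref).substitute(env)
    except KeyError as exc:
        return ref, f"variable {exc.args[0]} is not set"
    except ValueError:
        return ref, "malformed variable reference"
    return resolved, validate_secret_ref(resolved)


if __name__ == "__main__":
    # Constructed sample values; 'prod/app/db' is not a real secret name.
    env = {"SECRET_ID": "prod/app/db"}
    for ref in ("${SECRET_ID}", "${SECRET_ID}:password", "${OTHER_ID}"):
        print(ref, "literal:", validate_secret_ref(ref),
              "| resolved:", resolve_and_validate(ref, env))
```

Run against the real build environment (`os.environ`) before the build starts, it reports an unset or malformed reference without ever reading or printing a secret value.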