terraform-aws-eks-jx
Add support for AWS secrets manager
Summary
Presently, secrets for jx3 can only be stored in Vault when using it with EKS. AWS has a managed secret store called Secrets Manager. It would be nice to have support for it in jx3. https://aws.amazon.com/secrets-manager/
/assign
Status?
This works for me, after the recent fixes. Should we close this issue now?
@babadofar, how does it work for you? What values do you use in the jx-requirements file?
I used these values in the terraform module with version 1.15.38:

```hcl
use_vault = false
use_asm   = true
```

In the jx-requirements file I tested it with `secretStorage: asm` and `secretStorage: secretsManager`.
Thank you
I'm curious, is this integrated yet?
Yes, this works now. Would be good to document if anything is missing @babadofar
It doesn't work for me. I first tried just

```hcl
use_vault = false
use_asm   = true
```

When that didn't work I studied the code in terraform-aws-eks-jx and as a result added `create_asm_role = true`. This made `secretStorage: asm` change to `secretStorage: secretsManager`. But that didn't make much difference, since .jx/secret/mapping/secret-mappings.yaml still referred to vault, so the boot job still waited for the secrets to turn up in vault.
Which cluster git repo did you use? Did you try this? https://github.com/jx3-gitops-repositories/jx3-eks-asm
No, my repo is based on jx3-eks-vault. When I first noticed that .jx/secret/mapping/secret-mappings.yaml needed changing, I just did a search and replace from vault to secretsManager. That didn't work, and I found that you had to specify the region. So in my case a fragment became this:

```yaml
spec:
  defaults:
    backendType: secretsManager
    region: eu-north-1
```

That didn't work properly either. I then tried to drop in the .jx/secret/mapping/secret-mappings.yaml from https://github.com/jx3-gitops-repositories/jx3-eks-asm, except that I added the missing region.
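The two failure modes in the comments above (a secret-mappings.yaml that still points at vault after the cluster was switched to Secrets Manager, so the boot job waits on vault forever, and a secretsManager backend with no region set) are easy to catch before a boot job runs. The checker below is an added example written for this page; it is not code from jx, terraform-aws-eks-jx, or the commenters. It assumes the SecretMapping layout `spec.defaults.{backendType,region}` and `spec.secrets[].{name,backendType,region}`; only `spec.defaults.backendType` and `region` appear in the thread itself, the per-secret fields and the sample secret names are assumptions. Loading the file uses PyYAML, which is imported only inside `load_and_check` so the checker itself has no hard dependency.

```python
"""Sanity-check a jx-secret SecretMapping (.jx/secret/mapping/secret-mappings.yaml)
before running the boot job after switching from vault to AWS Secrets Manager.

Hypothetical checker added for illustration; not part of jx or terraform-aws-eks-jx.
Assumed layout: spec.defaults.{backendType,region} and
spec.secrets[].{name,backendType,region}, where a secret inherits any field it
does not set from spec.defaults.
"""
from __future__ import annotations

VAULT = "vault"
ASM = "secretsManager"


def check_secret_mapping(mapping: dict) -> list[str]:
    """Return a list of problems; an empty list means the mapping is consistent.

    Flags: any backend still set to vault (the boot job would block waiting for
    vault), and any secretsManager backend that resolves to no region.
    """
    problems: list[str] = []
    spec = mapping.get("spec") or {}
    defaults = spec.get("defaults") or {}
    default_backend = defaults.get("backendType")
    default_region = defaults.get("region")

    if default_backend == VAULT:
        problems.append("spec.defaults.backendType is still 'vault'; the boot job will wait for vault")
    elif default_backend == ASM and not default_region:
        problems.append("spec.defaults.backendType is 'secretsManager' but spec.defaults.region is not set")

    for index, secret in enumerate(spec.get("secrets") or []):
        name = secret.get("name", f"#{index}")
        # Per-secret settings override the defaults; otherwise the defaults apply.
        backend = secret.get("backendType", default_backend)
        region = secret.get("region", default_region)
        if backend == VAULT:
            problems.append(f"secret {name!r} still uses backendType 'vault'")
        elif backend == ASM and not region:
            problems.append(f"secret {name!r} uses secretsManager but no region is set on the secret or in defaults")
    return problems


def load_and_check(path: str) -> list[str]:
    """Load a mapping file with PyYAML (installed separately) and check it."""
    import yaml  # deferred import: the checker itself needs no third-party module

    with open(path, encoding="utf-8") as fh:
        return check_secret_mapping(yaml.safe_load(fh) or {})


# Constructed sample: what a plain search-and-replace of vault -> secretsManager
# in a jx3-eks-vault based repo looks like before the region is added, with one
# secret that the replace missed. Secret names are made up for the example.
SAMPLE_NO_REGION = {
    "apiVersion": "secret.jenkins-x.io/v1alpha1",
    "kind": "SecretMapping",
    "spec": {
        "defaults": {"backendType": ASM},
        "secrets": [
            {"name": "example-a"},
            {"name": "example-b", "backendType": VAULT},
        ],
    },
}

# Constructed sample: the corrected fragment from the thread, region included.
SAMPLE_OK = {
    "apiVersion": "secret.jenkins-x.io/v1alpha1",
    "kind": "SecretMapping",
    "spec": {
        "defaults": {"backendType": ASM, "region": "eu-north-1"},
        "secrets": [{"name": "example-a"}],
    },
}


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else None
    found = load_and_check(target) if target else check_secret_mapping(SAMPLE_NO_REGION)
    for problem in found:
        print("problem:", problem)
    sys.exit(1 if found else 0)
```

Run it as `python check_mapping.py .jx/secret/mapping/secret-mappings.yaml` from the cluster repo; with no argument it checks the built-in broken sample and exits non-zero. On the constructed broken sample it reports three problems (defaults without a region, `example-a` inheriting that gap, and `example-b` still on vault), and nothing on the corrected one.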