Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(secretsmanager): Access secret string stored in secret manager from CDK #11758

Closed
simran66 opened this issue Nov 28, 2020 · 5 comments
Closed

(secretsmanager): Access secret string stored in secret manager from CDK #11758

simran66 opened this issue Nov 28, 2020 · 5 comments
Assignees
@SomayaB
Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager guidance Question that needs advice or information. needs-triage This issue or PR still needs to be triaged.

Comments

@simran66
Copy link

simran66 commented Nov 28, 2020
edited
Loading

I am storing the Codestar connection string for Bitbucket in Secret manager. How can I retrieve it in the CDK app:

I am trying with:

// Get Bitbucket Connection String
const bitbucketConnectionString = Secret.fromSecretCompleteArn(this, "bitbucketConnectionString", "arn:aws:secretsmanager:us-west-2:1000000000:secret:BitbucketCloudConnection-abcdef0");


// SourceAction
const sourceAction = new BitBucketSourceAction({
    actionName: 'BitbucketSource',
    owner: 'abc',
    repo: repoName,
    output: sourceOutputArtifact,
    connectionArn: bitbucketConnectionString,
})

bitbucketConnectionString is not a string though.

  1. How do I access the secret value which is actually a connectionString stored in Secret Manager.

  2. What is the right way to replace region and accountId with Pseudo variables in the connection string;

    arn:aws:secretsmanager:us-west-2:1000000000:secret:BitbucketCloudConnection-abcdef0
@simran66 simran66 added guidance Question that needs advice or information. needs-triage This issue or PR still needs to be triaged. labels Nov 28, 2020
@jogold
Copy link
Contributor

jogold commented Nov 28, 2020

You need to use the SecretValue class from core: https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/core/README.md#secrets

@simran66
Copy link
Author

simran66 commented Nov 28, 2020
edited
Loading

@simran66 Did you mean bitbucketConnectionString.secreValue ? It doesn't return me a string. connectionArn is expecting a string value. Can you share in the context of the question, please? I read through the page and didn't understand still

@jogold
Copy link
Contributor

jogold commented Nov 28, 2020
edited
Loading 

// SourceAction
const sourceAction = new BitBucketSourceAction({
    actionName: 'BitbucketSource',
    owner: 'abc',
    repo: repoName,
    output: sourceOutputArtifact,
     // use it with secret name, no need for the -abcdef0 part
    connectionArn: SecretValue.fromSecretsManager('BitbucketCloudConnection').toString()
})

Just like the example in the README in core.

SecretValue is a class from @aws-cdk/core.

@SomayaB SomayaB changed the title Access secret string stored in secret manager from CDK (secretsmanager): Access secret string stored in secret manager from CDK Nov 30, 2020
@github-actions github-actions bot added the @aws-cdk/aws-secretsmanager Related to AWS Secrets Manager label Nov 30, 2020
@SomayaB SomayaB assigned SomayaB and unassigned njlynch Nov 30, 2020
@SomayaB
Copy link
Contributor

SomayaB commented Dec 7, 2020

Closing since jogold's guidance seems to have solved the issue.

@SomayaB SomayaB closed this as completed Dec 7, 2020
@github-actions
Copy link

github-actions bot commented Dec 7, 2020

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SomayaB SomayaB

Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager guidance Question that needs advice or information. needs-triage This issue or PR still needs to be triaged.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@njlynch @simran66 @jogold @SomayaB