ci: Replace ssm params with secrets-manager secrets

.buildkite/pipeline.yaml

@@ -2,7 +2,6 @@ env:
   KAIZEN_ROLE_ARN: ${BRANCH_ROLE_ARN}
   KAIZEN_DOMAIN_NAME: ${BRANCH_DOMAIN_NAME}
   KAIZEN_DISTRIBUTION_ID: ${BRANCH_DISTRIBUTION_ID}
-  KAIZEN_SSM_PARAMETER_PATH: kaizen-design-system
 
 x-defaults: &defaults
   agent_query_rules: ["queue=build-unrestricted"]

.buildkite/scripts/release.sh

@@ -1,24 +1,25 @@
 #!/bin/sh
 set -e
 
-ssm_get() {
-  aws ssm get-parameter \
-    --name "/${KAIZEN_SSM_PARAMETER_PATH}/$1" \
-    --with-decryption \
-    --query Parameter.Value \
-    --output text
+get_secret() {
+  aws secretsmanager get-secret-value \
+    --secret-id "kaizen-design-system/$1" \
+    --query SecretString \
+    | tr -d '"'
 }
 
 main() {
-  printf "Fetching ssm parameters... "
-  github_deploy_key=$(ssm_get "github-deploy-key") || exit $?
-  npm_token=$(ssm_get "npm-token") || exit $?
+  printf "Fetching secrets... "
+  GH_SSH_KEY=$(get_secret "github-ssh-key") || exit $?
+  GH_TOKEN=$(get_secret "github-api-token") || exit $?
+  NPM_TOKEN=$(get_secret "npm-token") || exit $?
   echo "(done)"
 
-  unset github_deploy_key
-  unset npm_token
+  unset GH_SSH_KEY
+  unset GH_TOKEN
+  unset NPM_TOKEN
 }
 
 main
 
-unset -f main ssm_get
+unset -f main get_secret

docker-compose.yml

@@ -12,7 +12,6 @@ x-defaults: &defaults
     - AWS_DEFAULT_REGION
     - KAIZEN_DOMAIN_NAME
     - KAIZEN_DISTRIBUTION_ID
-    - KAIZEN_SSM_PARAMETER_PATH
     - KAIZEN_BASE_PATH
 
 services: