Gitlab-3 (AWS secret access)

AWS Secrets Manager
→ create the key — could be RDS, DynamoDB, or custom
→ Put in any <key> <value> pair

How to access :
1. via program code ex. require(aws)
2. via CLI command line
this will output a JSON format of file

• Prerequisite
  - aws configure (login to AWS with right user)
  # Need to add in Secret Key & Secret Access Key
  - Need to create git-lab user to access in IAM
  # 1. create gitlab-user
  # 2. Add policy “secretsmanager:GetSecretValue”
  → { “Version”: “2012–10–17”,
“Statement”: [
{ “Sid”: “GitlabCiPolicy”,
“Effect”: “Allow”,
“Action”: [
“secretsmanager:GetSecretValue” ],
“Resource”: “*” } ]}
# 3. Go to KMS and add gitlab-user to access (in json policy)
  → under Sid “Allow usage of key” add the ARN for the gitlab-user “arn:aws:iam::925878512292:user/gitlab-user”
• Getting the secret value
  aws secretsmanager get-secret-value --secret-id development/MyTestDatabase
• Getting individual secret value
  aws secretsmanager get-secret-value — secret-id Sonarqube-Secret | jq --raw-output ‘.SecretString’ | jq -r .”SONAR_LOGIN_TOKEN”
(if you put --raw-output or -r, it will not have "" covering it )