Gitlab-3 (AWS secret access)

June Chung
Dec 3, 2020


AWS Secrets Manager
→ create the key — could be RDS, DynamoDB, or custom
→ Put in any <key> <value> pair

How to access:
1. via program code, e.g. require(aws)
2. via the CLI (command line)
The CLI prints the result in JSON format.

  • Prerequisites
    - aws configure (log in to AWS as the right user)
    # Need to enter the Access Key ID & Secret Access Key
    - Need to create a gitlab-user in IAM for access
    # 1. Create gitlab-user
    # 2. Add a policy with "secretsmanager:GetSecretValue"
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "GitlabCiPolicy",
          "Effect": "Allow",
          "Action": [
            "secretsmanager:GetSecretValue"
          ],
          "Resource": "*"
        }
      ]
    }
    # 3. Go to KMS and give gitlab-user access to the key (in the JSON key policy)
    → under Sid "Allow usage of key" add the ARN for the gitlab-user "arn:aws:iam::925878512292:user/gitlab-user"
  • Getting the secret value
    aws secretsmanager get-secret-value --secret-id development/MyTestDatabase
  • Getting individual secret value
    aws secretsmanager get-secret-value --secret-id Sonarqube-Secret | jq --raw-output '.SecretString' | jq -r '.SONAR_LOGIN_TOKEN'
    (with --raw-output or -r, jq prints the value without the surrounding "" quotes)
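
The policy in prerequisite step 2 allows secretsmanager:GetSecretValue on Resource "*", so it applies to every secret in the account, not only the ones the pipeline needs. The check below is an added example, not part of the original post: it flags such statements and compares the page's policy with a constructed variant scoped to the Sonarqube-Secret ARN. The region, account ID, probe ARN and function names are assumptions, and only Effect, Action and Resource are evaluated (no NotAction, NotResource or Condition).

```python
import fnmatch
import json

# The policy from step 2 above, with plain quotes so that it parses.
PAGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "GitlabCiPolicy",
    "Effect": "Allow",
    "Action": ["secretsmanager:GetSecretValue"],
    "Resource": "*"
  }]
}""")

# Constructed variant pinned to one secret. REGION and ACCOUNT_ID are
# placeholders; "-??????" covers the six characters Secrets Manager appends.
SCOPED_ARN = "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:Sonarqube-Secret-??????"
SCOPED_POLICY = json.loads(json.dumps(PAGE_POLICY))
SCOPED_POLICY["Statement"][0]["Resource"] = SCOPED_ARN

READ_ACTION = "secretsmanager:getsecretvalue"  # IAM action names ignore case
# Constructed ARN of a secret the CI job has no reason to read.
PROBE_ARN = "arn:aws:secretsmanager:us-east-1:000000000000:secret:unrelated-probe-AbCdEf"


def _as_list(value):
    """Action, Resource and Statement may each be one item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def overbroad_secret_reads(policy):
    """Return (Sid, resource patterns) for every Allow statement whose
    Action covers GetSecretValue and whose Resource also matches PROBE_ARN."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatch.fnmatchcase(READ_ACTION, a) for a in actions):
            continue
        broad = [r for r in _as_list(stmt.get("Resource"))
                 if fnmatch.fnmatchcase(PROBE_ARN, r)]
        if broad:
            findings.append((stmt.get("Sid", "<no Sid>"), broad))
    return findings
```

Calling overbroad_secret_reads(PAGE_POLICY) reports the GitlabCiPolicy statement, while the scoped variant returns an empty list.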
