Gitlab-3 (AWS secret access)
Dec 3, 2020
AWS Secrets Manager
→ create the key — could be RDS, DynamoDB, or custom
→ Put in any <key> <value> pair
How to access:
1. via program code, e.g. require(aws)
2. via the CLI (command line)
This outputs the secret in JSON format.
- Prerequisite
- aws configure (login to AWS with right user)
# Need to add in Secret Key & Secret Access Key
- Need to create git-lab user to access in IAM
# 1. create gitlab-user
# 2. Add policy “secretsmanager:GetSecretValue”
→
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GitlabCiPolicy",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": "*"
    }
  ]
}
# 3. Go to KMS and add gitlab-user to access (in json policy)
→ under Sid "Allow usage of key" add the ARN for the gitlab-user "arn:aws:iam::925878512292:user/gitlab-user"
- Getting the secret value
aws secretsmanager get-secret-value --secret-id development/MyTestDatabase
- Getting individual secret value
aws secretsmanager get-secret-value --secret-id Sonarqube-Secret | jq --raw-output '.SecretString' | jq -r '."SONAR_LOGIN_TOKEN"'
(With --raw-output or -r, the value is printed without the surrounding double quotes.)
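The gitlab-user policy above allows secretsmanager:GetSecretValue on Resource "*", so the statement applies to every secret in the account rather than only the ones the pipeline reads. As an added example (not part of the original post), this Python check flags such statements and rewrites them to name specific secrets; the function names are hypothetical, and the region and account ID in EXAMPLE_ARN are constructed placeholders.

```python
import copy
from fnmatch import fnmatchcase

ACTION = "secretsmanager:getsecretvalue"  # IAM action names are case-insensitive
# Constructed placeholder ARN (region and account ID are not from the page).
# "-??????" matches the six random characters Secrets Manager appends to the name.
EXAMPLE_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:Sonarqube-Secret-??????"

# The policy from this page, retyped with plain ASCII quotes.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "GitlabCiPolicy",
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue"],
        "Resource": "*",
    }],
}

def _as_list(value):
    """IAM accepts either one item or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def _reads_any_secret(stmt):
    """True for an Allow statement covering GetSecretValue with Resource exactly "*"."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    resources = _as_list(stmt.get("Resource", []))
    return any(fnmatchcase(ACTION, a) for a in actions) and "*" in resources

def wildcard_statements(policy):
    """Return the Sid of every statement that lets the principal read any secret."""
    return [s.get("Sid", "<no Sid>") for s in _as_list(policy["Statement"])
            if _reads_any_secret(s)]

def scope_to_secrets(policy, secret_arns):
    """Return a copy whose flagged statements list only secret_arns as Resource.
    Only Resource changes; a statement that also allows other actions needs review."""
    scoped = copy.deepcopy(policy)
    for s in _as_list(scoped["Statement"]):
        if _reads_any_secret(s):
            s["Resource"] = list(secret_arns)
    return scoped

if __name__ == "__main__":
    import json
    print("wildcard statements:", wildcard_statements(PAGE_POLICY))
    print(json.dumps(scope_to_secrets(PAGE_POLICY, [EXAMPLE_ARN]), indent=2))
```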