Key/Value Secrets

[sabooker]

The v2 template only has allocation to add a single secret store to the IAM role. How can I store multiple secrets and read from them?

I tried to use. {{{ SECRET_STORE.password }}} as an example and I see the password was set, but it is not the password stored in SM.

The output of SM key/value pairs contains a bunch of \, so I'm wondering if that is possible for the runtimeinit to parse this and read out the data? "SecretString": "{\"password\":\"testpassword\",\"pass_cert\":\"testcertpass\"}"

[mikeshimkus]

Hi @sabooker, which v2 template are you using?

The first method is to customize the templates and runtime config to reference multiple secrets. This requires hosting those templates somewhere the cloud provider can access them.

Referencing multiple secrets using dot notation has been tested with Hashicorp Vault, but not the other cloud secret providers. Is the output of SecretString you shared directly from the cloud provider? If so, it looks like that's a string and not JSON, which would cause it to fail.

Runtime init could be improved to convert that string to JSON, which would need a new RFE.

[sabooker]

I'm using autoscale-payg. I found I could work around this by using f5* as the secret arn in the template, and then using multiple secrets named "f5-cert", "f5-secret", etc