Closed jxwaters closed 1 year ago
As it is right now, the secretsmanager:ListSecrets API is invoked at least once. I can see why this could be an unexpected behavior and I think it's ok marking it as a bug or anyway something that can be fixed within the scope of the 2.0 release.
Actually, it was user error, it DOES work with AcceptedSecretARNs defined.
```csharp
if (Options.AcceptedSecretArns.Count > 0)
{
    return Options.AcceptedSecretArns.Select(x => new SecretListEntry{ARN = x, Name = x}).ToList();
}
```
When deployed to AWS, it fails calling
Kralizek.Extensions.Configuration.Internal.SecretsManagerConfigurationProvider.FetchAllSecretsAsync(CancellationToken cancellationToken)
With error
---> Amazon.SecretsManager.AmazonSecretsManagerException: User: arn:aws:sts::*REDACTED is not authorized to perform: secretsmanager:ListSecrets because no identity-based policy allows the secretsmanager:ListSecrets action
How do I get it to only get the requested secrets?
I am using partial ARNs (just the unique keynames) - is that why?
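An added example (not code from the project or from anyone in this thread): a simplified Python check of which Secrets Manager calls a role must be allowed for a given `AcceptedSecretArns` setting, following the branch quoted above. The account ID, secret ARNs and policy are constructed; that each accepted secret is read with `secretsmanager:GetSecretValue` is an assumption, and the evaluator models only Allow/Deny statements with wildcard matching on full ARNs.

```python
import fnmatch

def required_calls(accepted_secret_arns):
    """Calls the provider must be allowed to make. Mirrors the quoted branch:
    a non-empty accepted list replaces the ListSecrets call."""
    if accepted_secret_arns:
        # Assumption: each accepted secret is read with GetSecretValue.
        return [("secretsmanager:GetSecretValue", arn) for arn in accepted_secret_arns]
    return [("secretsmanager:ListSecrets", "*")]

def _listify(value):
    return value if isinstance(value, list) else [value]

def _matches(statement, action, resource):
    # IAM action names are case-insensitive; resource ARNs are compared as written.
    # fnmatch covers the IAM wildcards * and ? (it also treats [ ] specially,
    # which IAM does not; the sample values contain no brackets).
    action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in _listify(statement["Action"]))
    resource_hit = any(fnmatch.fnmatchcase(resource, r)
                       for r in _listify(statement["Resource"]))
    return action_hit and resource_hit

def is_allowed(policy, action, resource):
    """Explicit Deny wins; otherwise at least one Allow must match."""
    hits = [s["Effect"] for s in _listify(policy["Statement"])
            if _matches(s, action, resource)]
    return "Deny" not in hits and "Allow" in hits

def denied_calls(policy, accepted_secret_arns):
    """Required calls that the identity policy would not authorize."""
    return [call for call in required_calls(accepted_secret_arns)
            if not is_allowed(policy, *call)]

# Constructed sample values: no ListSecrets, one secret readable.
# "-??????" stands for the six-character suffix AWS appends to secret ARNs.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:app/db-AbCdEf"
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "secretsmanager:GetSecretValue",
    "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:app/db-??????",
}]}

if __name__ == "__main__":
    print("no accepted ARNs :", denied_calls(POLICY, []))
    print("accepted ARN set :", denied_calls(POLICY, [SECRET_ARN]))
```

A non-empty result for the configuration you deploy means the role will hit an authorization error like the one quoted in the thread.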