Open lennertcc opened 1 week ago
@lennertcc This seems to be a gap between our deploy
and run local
. CloudFormation (the deployment mechanism of deploy
) is able to take secret names followed by a JSON key. The AWS SDK API, which is what run local
get the secret values by, does not.
I'm leaning towards considering this a feature request. It is expected that there is some gap between deploy
and run local
, and the non-JSON-key secret ARNs work. Please let me know if you disagree!
To support this. we will need to:
smtp-mailing
) from the resource name that you provided smtp-mailing:smtp_email_host_user::
. This tells us that smtp-mailing
is the name and smtp_email_host_user
is the JSON key.smtp_email_host_user
key from it.For now, you can use --env-var-override
to provide the value from your local machine:
run local --env-var-override EMAIL_HOST_USER=user --env-var-override EMAIL_HOST_PASSWORD=pass
Thank you for investigating.
I think it would be nice to fix gaps in general, just because of the developer experience. But having the secrets written with their json key like this is not a must have in any way. At least in my application I can easily rewrite it to get the whole secret value and get the individual json keys in code.
So for now I will solve it on my side, avoiding the use of json keys.
Hopefully I won't run into the next gap right after that, or you will hear from me again soon ;).
Description:
Using
copilot run local --use-task-role --proxy --name app --env test
runs into an error in get secrets: ValidationException: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@!Details:
copilot version: v1.33.4
Manifest (stripped down a bit):
Observed result:
$ copilot run local --use-task-role --proxy --name app --env test
✘ get task: get env vars: get secrets: get secret "arn:aws:secretsmanager:eu-central-1:123123123123:secret:smtp-mailing:smtp_email_host_user::": get secret "arn:aws:secretsmanager:eu-central-1:123123123123:secret:smtp-mailing:smtp_email_hostuser::" from secrets manager: ValidationException: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/+=.@! status code: 400, request id: 3ed0f718-bd00-4a1f-b827-4b6850e6a2a6
Expected result:
I expect the secrets are being fetched, just like during deployment with a copilot pipeline.
Debugging: