In the helm chart, there is a value representing concourse.web.awsSecretsManager.enabled and similarly concourse.web.awsSsm.enabled. These values default to false.
If the concourse.web.awsSecretsManager.region or concourse.web.awsSsm.region are supplied Concourse still tries to look for secrets in AWS SecretsManager or SSM respectively, even though the enabled flag is false.
Describe the bug
In the helm chart, there is a value representing
concourse.web.awsSecretsManager.enabled
and similarlyconcourse.web.awsSsm.enabled
. These values default tofalse
.If the
concourse.web.awsSecretsManager.region
orconcourse.web.awsSsm.region
are supplied Concourse still tries to look for secrets in AWS SecretsManager or SSM respectively, even though the enabled flag isfalse
.Reproduction steps
(default for enabled flag is false) deploy a pipeline that expects a secret and Concourse will go looking in SecretsManager / Ssm for that secret.
Expected behavior
Concourse looks only in Kubernetes Secrets
Additional context
looks trivial to fix, will raise a PR