jenkins-x / terraform-aws-eks-jx

A Terraform module for creating Jenkins X infrastructure on AWS
Apache License 2.0

Add support for AWS secrets manager #179

Open ankitm123 opened 4 years ago

ankitm123 commented 4 years ago

Summary

Presently, secrets for jx3 can only be stored in vault when using it with eks. AWS has a managed secret store called secrets manager. It would be nice to have support for it in jx3. https://aws.amazon.com/secrets-manager/

ankitm123 commented 4 years ago

/assign

Alps86 commented 3 years ago

Status?

babadofar commented 3 years ago

This works for me, after the recent fixes. Should we close this issue now?

robervexcel commented 3 years ago

@babadofar please, how does it work for you? What values do you use in the jx-requirements file?

I used these values in terraform module with version 1.15.38

  use_vault             = false
  use_asm               = true

In jx-requirements file I tested it with secretStorage: asm and secretStorage: secretsManager

Thank you

mrmarcsmith commented 3 years ago

I'm curious, is this integrated yet?

ankitm123 commented 3 years ago

Yes, this works now. Would be good to document if anything is missing @babadofar

msvticket commented 2 years ago

It doesn't work for me. I first tried just

  use_vault             = false
  use_asm               = true

When that didn't work I studied the code in terraform-aws-eks-jx and as a result added create_asm_role = true. This made secretStorage: asm change to secretStorage: secretsManager. But that didn't make much difference since .jx/secret/mapping/secret-mappings.yaml still referred to vault so the boot job still waited for the secrets to turn up in vault.

ankitm123 commented 2 years ago

Which cluster git repo did you use? Did you try this? https://github.com/jx3-gitops-repositories/jx3-eks-asm

msvticket commented 2 years ago

No, my repo is based on jx3-eks-vault. When I first noticed that .jx/secret/mapping/secret-mappings.yaml needed changing I first just did a search and replace from vault to secretsManager. That didn't work and I found that you had to specify the region. So in my case a fragment became this:

 spec:
   defaults:
     backendType: secretsManager
     region: eu-north-1

That didn't work properly either. I then tried to drop in the .jx/secret/mapping/secret-mappings.yaml from https://github.com/jx3-gitops-repositories/jx3-eks-asm, except that I added the missing region.