woodpecker-ci / plugin-s3

WoodpeckerCI plugin for publishing artifacts to Amazon S3 and compatible object storages
https://woodpecker-ci.org/plugins/S3%20Plugin
Apache License 2.0

Secrets Are Not Available #14

Closed atomdmac closed 2 years ago

atomdmac commented 2 years ago

I'm attempting to use this plugin to upload files to a B2 Backblaze bucket. If I insert my credentials directly into the .woodpecker.yml (which is obviously not a great idea), the upload works as expected.

If I attempt to replace the static values with secrets (see below), I get the error below.

Steps I've already taken:

Error

time="2022-07-25T13:46:33Z" level=info msg="Attempting to upload" bucket=bucket-name endpoint=s3.us-west-000.backblazeb2.com region=us-west-000
time="2022-07-25T13:46:33Z" level=info msg="Uploading file" bucket=bucket-name name=/my/files/sample.txt
time="2022-07-25T13:46:34Z" level=error msg="Could not upload file" bucket=bucket-name error="InvalidAccessKeyId: Malformed Access Key Id\n\tstatus code: 403, request id: xxxxxxxx, host id: xxxxxx=" name=my/files/sample.txt
time="2022-07-25T13:46:34Z" level=fatal msg="InvalidAccessKeyId: Malformed Access Key Id\n\tstatus code: 403, request id: 664d8a998ec5266d, host id: xxxxxxx="

woodpecker.yml

  upload_files:
    image: woodpeckerci/plugin-s3
    settings:
      secrets:
        - S3_ACCESS_KEY_ID
        - S3_SECRET_ACCESS_KEY
      bucket: lnkbnk-e2e
      endpoint: s3.us-west-000.backblazeb2.com 
      region: us-west-000
      access_key: $S3_ACCESS_KEY_ID
      secret_key: $S3_SECRET_ACCESS_KEY
      source: /my/files.sample.txt
      target: /
    when:
      event: [pull_request]
      status: [failure]

I realize that this may very well be an issue with my particular server config, etc. but I wanted to check to see if anyone else has run into this issue before.

6543 commented 2 years ago

https://codeberg.org/Codeberg-CI/feedback/issues/62#issuecomment-584418

6543 commented 2 years ago

https://codeberg.org/Codeberg-CI/feedback/issues/62#issuecomment-586327

pchampio commented 2 years ago

I do not have access to the issue comment, what is the fix for this? I'm facing the same issue.

6543 commented 2 years ago

copy-pasted:

you could try if that does make a difference:

   upload_files:
     image: woodpeckerci/plugin-s3
     settings:
-      secrets:
-        - S3_ACCESS_KEY_ID
-        - S3_SECRET_ACCESS_KEY
       bucket: lnkbnk-e2e
       endpoint: s3.us-west-000.backblazeb2.com 
       region: us-west-000
-      access_key: $S3_ACCESS_KEY_ID
-      secret_key: $S3_SECRET_ACCESS_KEY
+      access_key:
+        from_secret: S3_ACCESS_KEY_ID
+      secret_key:
+        from_secret: S3_SECRET_ACCESS_KEY
       source: /my/files.sample.txt
       target: /
     when:
       event: [pull_request]
       status: [failure]
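
Review bot: on the added `from_secret:` lines the value is the bare secret name (`S3_ACCESS_KEY_ID`), while the removed lines used `$S3_ACCESS_KEY_ID`; a short comment that no `$` prefix belongs under `from_secret` would keep the two forms from being mixed when this is copied. The unchanged `source: /my/files.sample.txt` also differs from the `/my/files/sample.txt` path in the posted log and looks like a typo, and the `endpoint:` context line carries trailing whitespace.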

or:

   upload_files:
     image: woodpeckerci/plugin-s3
+    secrets:
+      - S3_ACCESS_KEY_ID
+      - S3_SECRET_ACCESS_KEY
     settings:
-      secrets:
-        - S3_ACCESS_KEY_ID
-        - S3_SECRET_ACCESS_KEY
       bucket: lnkbnk-e2e
       endpoint: s3.us-west-000.backblazeb2.com 
       region: us-west-000
       access_key: $S3_ACCESS_KEY_ID
       secret_key: $S3_SECRET_ACCESS_KEY
       source: /my/files.sample.txt
       target: /
     when:
       event: [pull_request]
       status: [failure]
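
Review bot: `access_key: $S3_ACCESS_KEY_ID` and `secret_key: $S3_SECRET_ACCESS_KEY` stay unchanged under `settings:`, so this variant only moves the `secrets:` list and still relies on `$NAME` being substituted inside setting values, which nothing in the hunk shows. Both people who report success in the thread used the first variant; switching these two lines to `from_secret` as in that patch would remove the dependency on substitution.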

also make sure secrets are allowed for pull_request event
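
A small lint pass over a pipeline step that flags the secret-handling mistakes this thread turns up: `secrets:` nested under `settings:`, a credential setting given as `$NAME` or as a literal value, and `from_secret` written with a `$` prefix. It is an added example, not part of the comment above or of plugin-s3; `lint_pipeline`, its line-based parsing and the sample step are assumptions made for illustration.

```python
import re

CRED_KEYS = {"access_key", "secret_key"}  # plugin-s3 settings named in the thread
KEY_LINE = re.compile(r"^(\s*)([A-Za-z_][\w-]*):\s*(.*)$")

def lint_pipeline(yaml_text):
    """Return (line_no, message) pairs for the secret-handling mistakes in the thread."""
    findings, stack = [], []          # stack holds (indent, key) of enclosing mappings
    for no, raw in enumerate(yaml_text.splitlines(), 1):
        m = KEY_LINE.match(raw.split(" #", 1)[0].rstrip())
        if not m:
            continue                  # list items, blank lines, comments
        indent, key = len(m.group(1)), m.group(2)
        value = m.group(3).strip("'\" ")
        while stack and stack[-1][0] >= indent:
            stack.pop()               # leave mappings that ended at this indent
        parent = stack[-1][1] if stack else None
        stack.append((indent, key))
        if key == "secrets" and parent == "settings":
            findings.append((no, "secrets: is nested under settings:"))
        elif key == "from_secret" and value.startswith("$"):
            findings.append((no, "from_secret takes the bare secret name, without $"))
        elif key in CRED_KEYS and parent == "settings" and value:
            why = "uses $VAR instead of from_secret" if value.startswith("$") \
                else "holds a literal credential"
            findings.append((no, f"{key} {why}"))
    return findings

# Constructed sample: a step shaped like the one in the report, plus the `$` slip
# with from_secret that the reporter mentions.
BROKEN = """\
upload_files:
  image: woodpeckerci/plugin-s3
  settings:
    secrets:
      - S3_ACCESS_KEY_ID
    bucket: bucket-name
    access_key: $S3_ACCESS_KEY_ID
    secret_key:
      from_secret: $S3_SECRET_ACCESS_KEY
"""
# The same step rewritten the way the first suggestion does it.
FIXED = BROKEN.replace("    secrets:\n      - S3_ACCESS_KEY_ID\n", "") \
    .replace("access_key: $S3_ACCESS_KEY_ID",
             "access_key:\n      from_secret: S3_ACCESS_KEY_ID") \
    .replace("from_secret: $S3", "from_secret: S3")

if __name__ == "__main__":
    for no, msg in lint_pipeline(BROKEN):
        print(f"line {no}: {msg}")
```
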

6543 commented 2 years ago

answer from @atomdmac :+1:

@6543 Thank you for the suggestions! The first one worked. I had actually tried the `from_secret` syntax previously but I believe I was prepending my secret names with `$` erroneously. Thanks again!

pchampio commented 2 years ago

It worked! Great! :+1: (using the first suggestion). I think you should update the doc, https://woodpecker-ci.org/plugins/plugin-s3, as the secrets example does not work.

6543 commented 2 years ago

pulls are welcome :)

https://github.com/woodpecker-ci/plugin-s3/blob/master/docs.md