step-dev.yaml
# Step-type definition (kind: step-type) for a pipeline step that fetches
# values from AWS Secrets Manager and exports them for later steps.
# NOTE(review): nesting below is reconstructed from a flattened listing --
# confirm against the repository copy before applying.
version: '1.0'
kind: step-type
metadata:
  # The "-dev" suffix, the "(Dev)" title and isPublic: false mark this as the
  # non-public development variant of the step.
  name: moneylion/aws-secrets-manager-dev
  title: (Dev) Fetch secrets from AWS Secrets Manager
  version: 99.0.0
  isPublic: false
  description: Fetch secrets and export them to be used in subsequent steps.
  sources:
    - 'https://github.com/moneylion/cfstep-aws-secrets-manager'
  stage: incubating
  maintainers:
    - name: Ling Cong Xiang
      email: cling@moneylion.com
  categories:
    - aws
    - secret management
  official: false
  tags: []
  icon:
    type: svg
    url: 'https://d3f44cr96bpmfn.cloudfront.net/AWS-Secrets-Manager.svg'
    background: '#f4f4f4'
  examples:
    # The example takes the access key pair from pipeline variables rather
    # than literals; keep those variables stored as secrets, not plain text.
    # Two entries read different JSON keys of the same secret and export them
    # as USERNAME and PASSWORD.
    # NOTE(review): the identity used here (key pair, or the role in
    # AWS_IAM_ROLE_ARN) only needs read access to the ARNs listed under
    # `secrets` -- scope its IAM policy accordingly.
    - description: example-1
      workflow:
        FetchSecrets:
          title: Fetch secrets from AWS Secrets Manager
          type: moneylion/aws-secrets-manager-dev
          arguments:
            AWS_ACCESS_KEY_ID: ${{AWS_ACCESS_KEY_ID}}
            AWS_SECRET_ACCESS_KEY: ${{AWS_SECRET_ACCESS_KEY}}
            AWS_DEFAULT_REGION: a-region-1
            AWS_IAM_ROLE_ARN: 'arn:aws:role/some-role'
            secrets:
              - secret_arn: arn:aws:secret-1
                key: username
                store_in: USERNAME
              - secret_arn: arn:aws:secret-1
                key: password
                store_in: PASSWORD
  created_at: '2021-07-22T14:07:54.580Z'
  updated_at: '2021-07-22T14:07:54.580Z'
  latest: true
# Step specification: the argument schema, the template rendered into the
# actual step, and the template delimiters.
# NOTE(review): nesting and the whitespace inside both block scalars are
# reconstructed from a flattened listing -- confirm against the repository.
spec:
  # JSON Schema (draft-07) for the step arguments. Unknown top-level
  # arguments are rejected (additionalProperties: false). The access key
  # pair, region and `secrets` are required; AWS_IAM_ROLE_ARN is optional.
  # Every argument except `secrets` defaults to the pipeline variable of the
  # same name.
  # NOTE(review): secret_arn, key and store_in are unconstrained strings (no
  # "pattern", no "additionalProperties": false on the item object), yet all
  # three are interpolated into the template below and store_in names an
  # environment variable. Consider restricting them, e.g. store_in to a
  # valid variable name.
  arguments: |-
    {
      "definitions": {},
      "$schema": "http://json-schema.org/draft-07/schema#",
      "type": "object",
      "additionalProperties": false,
      "patterns": [],
      "required": [
        "AWS_ACCESS_KEY_ID",
        "AWS_SECRET_ACCESS_KEY",
        "AWS_DEFAULT_REGION",
        "secrets"
      ],
      "properties": {
        "AWS_ACCESS_KEY_ID": {
          "type": "string",
          "description": "AWS access key ID.",
          "default": "${{AWS_ACCESS_KEY_ID}}"
        },
        "AWS_SECRET_ACCESS_KEY": {
          "type": "string",
          "description": "AWS secret access key.",
          "default": "${{AWS_SECRET_ACCESS_KEY}}"
        },
        "AWS_DEFAULT_REGION": {
          "type": "string",
          "description": "AWS region to operate in.",
          "default": "${{AWS_DEFAULT_REGION}}"
        },
        "AWS_IAM_ROLE_ARN": {
          "type": "string",
          "description": "The ARN of AWS IAM role to assume.",
          "default": "${{AWS_IAM_ROLE_ARN}}"
        },
        "secrets": {
          "type": "array",
          "description": "A list of secrets to fetch.",
          "items": {
            "type": "object",
            "required": [
              "secret_arn",
              "key",
              "store_in"
            ],
            "properties": {
              "secret_arn": {
                "type": "string",
                "description": "Full or partial ARN of the secret."
              },
              "key": {
                "type": "string",
                "description": "JSON object key that identifies a secret value in the secret's object."
              },
              "store_in": {
                "type": "string",
                "description": "Environment variable to store the secret value in."
              }
            }
          }
        }
      }
    }
  # Template rendered into the step that runs. It passes the four AWS_*
  # arguments to the container as environment variables. For each entry of
  # `secrets` it joins secret_arn, key and store_in with "#", appends the
  # result to $secrets, and then emits SECRETS as those strings joined with
  # "|".
  # NOTE(review): the image is referenced by the mutable tag `latest`, so the
  # code that receives the AWS credentials can change without this file
  # changing. Pin a version tag or an image digest.
  # NOTE(review): argument values are placed inside single-quoted YAML
  # scalars with no escaping visible here. A value containing a single quote
  # would change the structure of the rendered step.
  # NOTE(review): "#" and "|" are the only field and record separators, so a
  # field containing either character is ambiguous to whatever parses SECRETS
  # in the image (parser not shown here).
  stepsTemplate: |-
    main:
      name: moneylion/aws-secrets-manager-dev
      image: moneylioneng/cfstep-aws-secrets-manager:latest
      environment:
        - 'AWS_ACCESS_KEY_ID=[[ .Arguments.AWS_ACCESS_KEY_ID ]]'
        - 'AWS_SECRET_ACCESS_KEY=[[ .Arguments.AWS_SECRET_ACCESS_KEY ]]'
        - 'AWS_DEFAULT_REGION=[[ .Arguments.AWS_DEFAULT_REGION ]]'
        - 'AWS_IAM_ROLE_ARN=[[ .Arguments.AWS_IAM_ROLE_ARN ]]'
        [[ $secrets := slice ]]
        [[ range $secret := .Arguments.secrets ]]
        [[ $secret_str := (join (slice $secret.secret_arn $secret.key $secret.store_in) "#") ]]
        [[ $secrets = (append $secret_str $secrets) ]]
        [[ end ]]
        - 'SECRETS=[[ join $secrets "|" | trimSpace ]]'
  # Template actions in stepsTemplate are delimited by [[ and ]].
  delimiters:
    left: '[['
    right: ']]'