How to use AWS Secrets Manager as Credentials Backend


#1

We are trying to use AWS Secrets Manager and are unsure about how to properly name the keys in ASM and then reference them back in the pipeline definition.

We have a secret in ASM with the key /concourse/my-team/local.common.aws-secret-access-key.
In the pipeline we reference the secret like this:

aws-secret-access-key: ((local.common.aws-secret-access-key))

When we run:

fly -t my-team set-pipeline --pipeline "the-pipeline" \
        --config "pipeline.yaml" \
        --non-interactive \
        --check-creds

It fails with Expected to find variables: local

Might there be a problem with the key name containing dots?

Best, Till


#2

If it tells you Expected to find variables: local, yes, it means it is looking up a variable with that name. You can quickly check your hypothesis (dots not accepted) by using another variable name without dots.


#3

@marco-m we found the code that is actually doing the “split by dot”: https://github.com/cloudfoundry/bosh-cli/blob/master/director/template/template.go#L167

So I guess we just change the var name 😉
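
The split-by-dot behaviour found in #3, as an added example that is not part of the thread and is not the bosh-cli or Concourse code: a small Go check that models the split and lists which ((var)) references in a pipeline config would be looked up under a shorter name. SplitRef, TeamSecretPath and DottedRefs are hypothetical names, and the /concourse/<team>/<name> layout is an assumption taken from the key in the first post.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// varRef matches ((...)) placeholders in a pipeline config.
var varRef = regexp.MustCompile(`\(\(([^()]+)\)\)`)

// SplitRef models the split-by-dot behaviour discussed in the thread:
// the text before the first dot is the variable name that gets looked up,
// everything after it is treated as a field path inside that variable.
func SplitRef(ref string) (name string, fields []string) {
	parts := strings.Split(strings.TrimSpace(ref), ".")
	return parts[0], parts[1:]
}

// TeamSecretPath follows the key layout from the first post
// (/concourse/<team>/<name>); this layout is an assumption taken from the page.
func TeamSecretPath(team, name string) string {
	return "/concourse/" + team + "/" + name
}

// DottedRefs maps every ((ref)) that contains a dot to the secret path
// that would be looked up for it under the model above.
func DottedRefs(team, config string) map[string]string {
	found := map[string]string{}
	for _, m := range varRef.FindAllStringSubmatch(config, -1) {
		if name, fields := SplitRef(m[1]); len(fields) > 0 {
			found[strings.TrimSpace(m[1])] = TeamSecretPath(team, name)
		}
	}
	return found
}

func main() {
	// Constructed sample config; the first line is the reference from the thread.
	config := "aws-secret-access-key: ((local.common.aws-secret-access-key))\n" +
		"aws-access-key-id: ((aws-access-key-id))\n"
	for ref, looked := range DottedRefs("my-team", config) {
		fmt.Printf("((%s)) resolves to %s, not %s\n",
			ref, looked, TeamSecretPath("my-team", ref))
	}
}
```

Running it over a pipeline file before `fly set-pipeline --check-creds` shows every reference whose looked-up name differs from the key stored in ASM.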