Comments (5)
commented on June 27, 2024
1
@parveshmourya sorry, super delayed answer.
Nope, it didn't work but maybe it was I'm not experienced with Jenkins plugins. Finally we decided to follow a different method to gather secrets from AWS Secret Manager and I didn't have time to back to this.
I didn't test the new version but if it's working I think we can close this issue.
from aws-secrets-manager-credentials-provider-plugin.
chriskilding
commented on June 27, 2024
The plugin instantiates a standard instance of the AWS Java SDK client; the only override to its behaviour is to change the EndpointConfiguration if you've set this in Jenkins config.
By default the SDK's authentication strategy is DefaultAWSCredentialsProviderChain:
AWS credentials provider chain that looks for credentials in this order:
- Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
- Java System Properties - aws.accessKeyId and aws.secretKey
- Web Identity Token credentials from the environment or container
- Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
- Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable,
- Instance profile credentials delivered through the Amazon EC2 metadata service
I would recommend running the AWS CLI in your container environment to do some Secrets Manager calls - with all the same env vars as you've given Jenkins - and see which IAM role it uses.
from aws-secrets-manager-credentials-provider-plugin.
commented on June 27, 2024
AWS CLI works fine, so based in what you said, I think the problem is related to: aws/aws-sdk-java#2136. As far as I see the sdk version used by the plugin is 1.12.131 so it should be ok but it's necessary to add aws-java-sdk-sts to the pom file.
I've never tried to build a plugin but I will try to test it.
from aws-secrets-manager-credentials-provider-plugin.
chriskilding
commented on June 27, 2024
Nice detective work :) If adding aws-java-sdk-sts to the pom fixes it for you, then I'll be sure to get that included
from aws-secrets-manager-credentials-provider-plugin.
parmou
commented on June 27, 2024
@nahuelcassinarijamf did it work as expected after adding aws-java-sdk-sts to the pom?
from aws-secrets-manager-credentials-provider-plugin.
Related Issues (20)
- Can we pass googleoauth2 parameters in the helm chart with this plugin HOT 2
- when we use filters option and deploy jenkins with configuration as code, plugin is not able to read if secrets are more than 10 HOT 6
- Support AWS credentials HOT 2
- Icons don't display for "SSH User Private Key" & "Certificate" credentials types HOT 4
- Support for browerstack credential kind HOT 2
- Cross-account role access doesn't appear to work HOT 3
- Make this plugin configurable at folder level, not just centrally HOT 7
- AWS EKS 1.24 client is not respecting jenkins-master pod role HOT 5
- casc config reports improper filter value HOT 5
- reading json secrets HOT 2
- Create support for username-password passing without tag value limitations HOT 3
- Support the popular AmazonWebServicesCredentialsBinding credential types HOT 2
- SSH Keys not working with sshagent
- Ability to set STS endpoint
- The plugin does not pick up Jenkins' proxy settings HOT 4
- Content goes to 404 in Jenkins's documentation
- File Credentials stored in AWS cannot be validated HOT 3
- Don't remove credentials during temporary issues HOT 3
- Github app credentials integrations HOT 1
- "Could not list credentials in Secrets Manager" HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-secrets-manager-credentials-provider-plugin.