aherman
/
packer
mirror of https://github.com/hashicorp/packer
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '180feebaea'
${ noResults }
packer/website/content/docs/from-1.5/functions/contextual/aws_secretsmanager.mdx

93 lines
2.7 KiB
Raw Blame History

---
page_title: aws_secretsmanager - Functions - Configuration Language
sidebar_title: aws_secretsmanager
description: >-
The aws_secretsmanager function retrieves secrets from Amazon secretsmanager
stores.
---
# `aws_secretsmanager_key` Function
Secrets can be read from the [AWS Secrets
Manager](https://aws.amazon.com/secrets-manager/) and used within your template
as locals.
~> Note: Support for AWS secrets will always obtain the latest version of a secret, essentially
AWSCURRENT. Support for previous versions of a secret is not supported.
```hcl
aws_secretsmanager(name, key)
```
When key is not set (`null` or empty: `""`) then `aws_secretsmanager` returns
the first secret key stored in secret `name`.
You can either use this function in a `locals` block or directly inline where
you want to use the value.
```hcl
locals {
secret = aws_secretsmanager("my_secret", null)
}
source "null" "first-example" {
communicator = "none"
}
build {
name = "my-build-name"
sources = ["null.first-example"]
provisioner "shell-local" {
environment_vars = ["TESTVAR=${build.PackerRunUUID}"]
inline = ["echo my_secret is '${local.secret}'",
"echo my_secret using an inline call is '${aws_secretsmanager("my_secret", null)}'."]
}
}
```
This will load the key stored behind `my_secret` from aws secrets manager.
The retrieval of single key secrets or plaintext secrets can be obtained by specifying (`null` or empty: `""`) as the `key`.
When obtaining secrets that have multiple keys you can set `key` to the specific key you would like
to fetch. For example, given the following secret with two keys if `key` is set to "shell" `aws_secretsmanager` will
return only its value.
```json
{
"test": "kitchen",
"shell": "powershell"
}
```
```hcl
locals {
secret = aws_secretsmanager("multikey/secret", "shell")
}
source "null" "first-example" {
communicator = "none"
}
build {
name = "my-build-name"
sources = ["null.first-example"]
provisioner "shell-local" {
environment_vars = ["TESTVAR=${build.PackerRunUUID}"]
inline = ["echo my_secret is '${local.secret}'"]
}
}
```
This will load the value `"powershell"` stored in the key `"shell"` behind `multikey/secret`.
In order to use this function you have to configure valid AWS credentials using
one of the following methods:
- [Environment Variables](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
- [CLI Configuration Files](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)
- [Container Credentials](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html)
- [Instance Profile Credentials](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
Reference in new issue View Git Blame Copy Permalink