问题描述
我正在创建与 SonarQube 集成的 CodeBuild,因此我直接在我的 Buildspec.yaml 中传递值和声纳凭据
Im working on creating the CodeBuild which is integrated with SonarQube, So I pass values and sonar credentials directly in my Buildspec.yaml
我尝试使用 SecretManager 中的以下命令进行检索,而不是直接进行硬编码,因为它在以下链接中有所提及.但它没有得到正确的值.它会引发错误.
Instead of Hardcoding directly, I tried to retrieve using the below command from SecretManager as it is mentioned in the below link. But it is not getting the correct values. it throws an error.
命令:'{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}'
Command : '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}'
错误 [错误] SonarQube 服务器 [{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-1:********:secret:**********:SecretString:SonarURL}}] 无法访问
Error [ERROR] SonarQube server [{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-1:********:secret:**********:SecretString:SonarURL}}] can not be reached
我如何使用 echo '{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-1:***:secret:**************:SecretString:*******}}'
How I used echo '{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-1:***:secret:**************:SecretString:*******}}'
注意:我的命令中的所有 * 都是 secretname 和 secreturl
Note: All the * inside my commard are the secretname and secreturl
推荐答案
如果您希望在 buildspec 文件中检索机密,我建议使用与 CodeBuild 原生集成的 Systems Manager Parameter Store.Systems Manager 本身就是一项服务,从 AWS 控制台主页搜索它,然后 Paramater Store 在 Systems Manager 控制台页面的左下方.
If you wish to retrieve secrets in your buildspec file, I would recommend to use Systems Manager Parameter Store which is natively integrated with CodeBuild. Systems Manager is a service in itself, search it from the AWS Console homepage, then Paramater Store is in the bottom left of the Systems Manager Console page.
假设您想在 buildspec.yml 文件中包含访问密钥和秘密密钥:
- 为 IAM 用户创建 AccessKey/SecretKey 对
- 将上述密钥作为安全字符串保存在 SSM 参数存储中(例如/CodeBuild/AWS_ACCESS_KEY_ID"和/CodeBuild/AWS_SECRET_ACCESS_KEY")
- 使用以下 buildspec 指令导出构建环境中的两个值:
Lets assume you want to include Access Key and Secret Key in buildspec.yml file:
- Create AccessKey/SecretKey pair for a IAM User
- Save the above keys in an SSM parameter store as secure string (e.g. '/CodeBuild/AWS_ACCESS_KEY_ID' and '/CodeBuild/AWS_SECRET_ACCESS_KEY')
- Export the two values in your build environment using the following buildspec directive(s):
version: 0.2
env:
parameter-store:
AWS_ACCESS_KEY_ID_PARAM: /CodeBuild/AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY_PARAM: /CodeBuild/AWS_SECRET_ACCESS_KEY
phases:
build:
commands:
- export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID_PARAM
- export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY_PARAM
# Your Ansible commands below
- ansible-playbook -i hosts ec2-key.yml
[1] CodeBuild 的构建规范参考 - 构建规范语法 - https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-syntax
[1] Build Specification Reference for CodeBuild - Build Spec Syntax - https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-syntax
这篇关于如何在 buildspec.yaml 中检索 Secret Manager 数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!