
How to access a key-value pair secret from AWS Secrets Manager in Concourse?

I have a Concourse environment deployed using BOSH. It is configured with AWS Secrets Manager. The pipeline secret template is of the form /concourse/{{.Team}}/{{.Secret}}

I have a secret /concourse/team1/general created in AWS Secrets Manager (Other type of secrets) with the value below.

  {
    "gitbranch": "master",
    "hello": "2",
    "general": "hi"
  }

I have a Concourse pipeline hello-world.yml set in the team1 team.

jobs:
- name: job
  public: true
  plan:
  - task: check-secret
    config:
      platform: linux
      image_resource:
        type: registry-image
        source: { repository: busybox }
      run:
        path: echo
        args: ["((general))"]

This pipeline outputs the value as


But if I change the args (last line) in the pipeline to args: ["((general.gitbranch))"], I get the error below:

failed to interpolate task config: cannot access field 'gitbranch' of non-map value ('string') from var: general.gitbranch

Is it possible to access any of the key-value pairs in the secret from AWS Secrets Manager in the Concourse pipeline? If yes, how?


  • Answering my own question.

    By creating the secret using the CLI with the parameter --secret-binary, I was able to fetch the key-value pairs.

    (Previously, I was creating the secret from the AWS console, which created it as a secret string.)

    I used the command below to update my secret so that it is stored as a binary.

    b64key=$(base64 secrets.json)
    aws secretsmanager update-secret \
        --secret-id  /concourse/team1/general \
        --secret-binary "$b64key"

    I found this using-aws-secrets-manager-with-concourse-ci and it was helpful in solving the issue.

    If anyone knows a way to do this in the console, kindly let me know.
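
A pre-flight check for the fix described in the answer above, as an added example that is not part of the original post and is not Concourse code: given the JSON printed by `aws secretsmanager get-secret-value`, it reports which field names a pipeline could reference as ((general.field)), without printing any secret values. It assumes the behaviour reported in this thread (a SecretString is exposed as a single string, a SecretBinary holding a JSON object is exposed as a map); the function name and the sample responses are constructed for illustration.

```python
import base64
import json


def accessible_fields(response: dict) -> list:
    """Return field names usable as ((secret.field)); [] means string-only.

    `response` is the parsed JSON output of `aws secretsmanager
    get-secret-value`, where SecretBinary appears base64-encoded.
    Only field names are returned, never the secret values.
    """
    blob = response.get("SecretBinary")
    if blob is None:
        # Stored as SecretString: per this thread, ((general)) works
        # but ((general.gitbranch)) fails with "non-map value".
        return []
    try:
        raw = base64.b64decode(blob, validate=True)
        doc = json.loads(raw.decode("utf-8"))
    except ValueError:
        # Not valid base64, UTF-8 or JSON after decoding, e.g. a payload
        # that was base64-encoded twice before being stored.
        return []
    return sorted(doc) if isinstance(doc, dict) else []


# Constructed sample data mirroring the secret in the question.
_VALUE = json.dumps({"gitbranch": "master", "hello": "2", "general": "hi"})
_B64 = base64.b64encode(_VALUE.encode()).decode()

AS_STRING = {"Name": "/concourse/team1/general", "SecretString": _VALUE}
AS_BINARY = {"Name": "/concourse/team1/general", "SecretBinary": _B64}
# Constructed failure case: the file was encoded twice before upload.
DOUBLE_ENCODED = {
    "Name": "/concourse/team1/general",
    "SecretBinary": base64.b64encode(_B64.encode()).decode(),
}

if __name__ == "__main__":
    for label, resp in [("string", AS_STRING), ("binary", AS_BINARY),
                        ("double-encoded", DOUBLE_ENCODED)]:
        print(label, "->", accessible_fields(resp) or "no fields (plain string)")
```

An empty result for a secret that was uploaded with --secret-binary usually means the stored bytes are not the JSON document itself, which is worth ruling out before debugging the pipeline.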