Bug
Resolution: Fixed
Major
None
I created credentials like this:
```
aws secretsmanager create-secret --name 'jks/DB_USER_XXXXX' --secret-string 'zzzzzz' --tags 'Key=jenkins:credentials:username,Value=uuuuu' --description 'dddddddd'
```
Then I used the documented policy template: https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin/blob/master/docs/iam/secret-namespace-id.json to filter credentials by a namespace.
My complete policy looked like this:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:::secret:jks/*",
      "Effect": "Allow"
    },
    {
      "Action": "secretsmanager:ListSecrets",
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
```
Unfortunately, this ends up in this error:
```
com.cloudbees.plugins.credentials.CredentialsUnavailableException: Property 'secret' is currently unavailable, reason: Could not retrieve the credential jks/DB_USER_XXXXX from AWS Secrets Manager
    at io.jenkins.plugins.credentials.secretsmanager.RealAwsCredentials.getSecretValue(RealAwsCredentials.java:44)
    at io.jenkins.plugins.credentials.secretsmanager.AwsCredentials.getSecretString(AwsCredentials.java:127)
    at io.jenkins.plugins.credentials.secretsmanager.AwsCredentials.getPassword(AwsCredentials.java:70)
    at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:78)
    at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution2.doStart(BindingStep.java:135)
```
When setting the `"Resource": "*"` for `secretsmanager:GetSecretValue` too, then it works, but the namespace filter does not work.
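An offline check of whether a policy's `Resource` pattern can match a full secret ARN at all, added here as an example; it is not part of the original report or the plugin's code. It uses a simplified model of IAM wildcard matching (field-by-field globbing, Allow statements only), and the sample ARNs and the `*:*` variant are constructed for illustration.

```python
import copy
import fnmatch

# Policy exactly as posted in the report above.
REPORTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Action": "secretsmanager:GetSecretValue",
         "Resource": "arn:aws:secretsmanager:::secret:jks/*", "Effect": "Allow"},
        {"Action": "secretsmanager:ListSecrets", "Resource": "*", "Effect": "Allow"},
    ],
}

# Constructed ARNs: region, account id and the 6-character suffix are placeholders.
IN_NAMESPACE = "arn:aws:secretsmanager:us-east-1:111122223333:secret:jks/DB_USER_XXXXX-AbCdEf"
OUT_OF_NAMESPACE = "arn:aws:secretsmanager:us-east-1:111122223333:secret:other/TOKEN-GhIjKl"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def arn_matches(pattern, arn):
    """Simplified model: glob-match each of the six colon-separated ARN fields."""
    if pattern == "*":
        return True
    p_fields, a_fields = pattern.split(":", 5), arn.split(":", 5)
    if len(p_fields) != 6 or len(a_fields) != 6:
        return False
    # An empty pattern field only matches an empty field; it is not a wildcard.
    return all(fnmatch.fnmatchcase(a, p) for p, a in zip(p_fields, a_fields))

def is_allowed(policy, action, arn):
    """True if some Allow statement covers (action, arn). Deny/Condition not modelled."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        if action_ok and any(arn_matches(r, arn) for r in _as_list(stmt["Resource"])):
            return True
    return False  # implicit deny

# Hypothetical variant (not from the report): wildcard region and account fields.
VARIANT_POLICY = copy.deepcopy(REPORTED_POLICY)
VARIANT_POLICY["Statement"][0]["Resource"] = "arn:aws:secretsmanager:*:*:secret:jks/*"

if __name__ == "__main__":
    for name, policy in (("reported", REPORTED_POLICY), ("variant", VARIANT_POLICY)):
        for arn in (IN_NAMESPACE, OUT_OF_NAMESPACE):
            print(name, arn, is_allowed(policy, "secretsmanager:GetSecretValue", arn))
```

For an authoritative answer against a real account, the same question can be put to the IAM policy simulator.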